{
"content": [
{
"type": "text",
"text": "# chcon(1) (man)\n\n## TLDR\n\n> Change SELinux security context of a file or files/directories.\n\n- View security context of a file:\n `ls {{-lZ|-l --context}} {{path/to/file}}`\n- Change the security context of a target file, using a reference file:\n `chcon --reference {{reference_file}} {{target_file}}`\n- Change the full SELinux security context of a file:\n `chcon {{user}}:{{role}}:{{type}}:{{range/level}} {{filename}}`\n- Change only the user part of SELinux security context:\n `chcon {{-u|--user}} {{user}} {{filename}}`\n- Change only the role part of SELinux security context:\n `chcon {{-r|--role}} {{role}} {{filename}}`\n- Change only the type part of SELinux security context:\n `chcon {{-t|--type}} {{type}} {{filename}}`\n- Change only the range/level part of SELinux security context:\n `chcon {{-l|--range}} {{range/level}} {{filename}}`\n\n*Source: tldr-pages*\n\n---\n\n**Summary:** chcon - change file security context\n\n**Synopsis:** chcon [OPTION]... CONTEXT FILE...\nchcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\nchcon [OPTION]... --reference=RFILE FILE...\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| — | --dereference | — | affect the referent of each symbolic link (this is the default), rather than the sym‐ bolic link itself |\n| -h | --no-dereference | — | affect symbolic links instead of any referenced file |\n| -u | --user | — | set user USER in the target security context |\n| -r | --role | — | set role ROLE in the target security context |\n| -t | --type | — | set type TYPE in the target security context |\n| -l | --range | — | set range RANGE in the target security context |\n| — | --no-preserve-root | — | do not treat '/' specially (the default) |\n| — | --preserve-root | — | fail to operate recursively on '/' --reference=RFILE use RFILE's security context rather than specifying a CONTEXT value |\n| -R | --recursive | — | operate on files and directories recursively |\n| -v | --verbose | — | output a diagnostic for every file processed The following options modify how a hierarchy is traversed when the -R optio |\n| -H | — | — | |\n| -L | — | — | |\n| -P | — | — | --help display this help and exit |\n| — | --version | — | output version information and exit |\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (4 lines)\n- **DESCRIPTION** (5 lines) — 14 subsections\n - --dereference (3 lines)\n - -h --no-dereference (2 lines)\n - -u --user (2 lines)\n - -r --role (2 lines)\n - -t --type (2 lines)\n - -l --range (2 lines)\n - --no-preserve-root (2 lines)\n - --preserve-root (5 lines)\n - -R --recursive (2 lines)\n - -v --verbose (5 lines)\n - -H (1 lines)\n - -L (1 lines)\n - -P (2 lines)\n - --version (2 lines)\n- **AUTHOR** (2 lines)\n- **REPORTING BUGS** (3 lines)\n- **COPYRIGHT** (5 lines)\n- **SEE ALSO** (6 lines)\n\n## Full Content\n\n### NAME\n\nchcon - change file security context\n\n### SYNOPSIS\n\nchcon [OPTION]... CONTEXT FILE...\nchcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\nchcon [OPTION]... --reference=RFILE FILE...\n\n### DESCRIPTION\n\nChange the SELinux security context of each FILE to CONTEXT. With --reference, change the\nsecurity context of each FILE to that of RFILE.\n\nMandatory arguments to long options are mandatory for short options too.\n\n#### --dereference\n\naffect the referent of each symbolic link (this is the default), rather than the sym‐\nbolic link itself\n\n#### -h --no-dereference\n\naffect symbolic links instead of any referenced file\n\n#### -u --user\n\nset user USER in the target security context\n\n#### -r --role\n\nset role ROLE in the target security context\n\n#### -t --type\n\nset type TYPE in the target security context\n\n#### -l --range\n\nset range RANGE in the target security context\n\n#### --no-preserve-root\n\ndo not treat '/' specially (the default)\n\n#### --preserve-root\n\nfail to operate recursively on '/'\n\n--reference=RFILE\nuse RFILE's security context rather than specifying a CONTEXT value\n\n#### -R --recursive\n\noperate on files and directories recursively\n\n#### -v --verbose\n\noutput a diagnostic for every file processed\n\nThe following options modify how a hierarchy is traversed when the -R option is also speci‐\nfied. If more than one is specified, only the final one takes effect.\n\n#### -H\n\n#### -L\n\n#### -P\n\n--help display this help and exit\n\n#### --version\n\noutput version information and exit\n\n### AUTHOR\n\nWritten by Russell Coker and Jim Meyering.\n\n### REPORTING BUGS\n\nGNU coreutils online help: \nReport any translation bugs to \n\n### COPYRIGHT\n\nCopyright © 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later\n.\nThis is free software: you are free to change and redistribute it. There is NO WARRANTY, to\nthe extent permitted by law.\n\n### SEE ALSO\n\nFull documentation \nor available locally via: info '(coreutils) chcon invocation'\n\n\n\nGNU coreutils 8.32 January 2026 CHCON(1)\n\n"
}
],
"structuredContent": {
"command": "chcon",
"section": "1",
"mode": "man",
"summary": "chcon - change file security context",
"synopsis": "chcon [OPTION]... CONTEXT FILE...\nchcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\nchcon [OPTION]... --reference=RFILE FILE...",
"tldr_summary": "Change SELinux security context of a file or files/directories.",
"tldr_examples": [
{
"description": "View security context of a file",
"command": "ls {{-lZ|-l --context}} {{path/to/file}}"
},
{
"description": "Change the security context of a target file, using a reference file",
"command": "chcon --reference {{reference_file}} {{target_file}}"
},
{
"description": "Change the full SELinux security context of a file",
"command": "chcon {{user}}:{{role}}:{{type}}:{{range/level}} {{filename}}"
},
{
"description": "Change only the user part of SELinux security context",
"command": "chcon {{-u|--user}} {{user}} {{filename}}"
},
{
"description": "Change only the role part of SELinux security context",
"command": "chcon {{-r|--role}} {{role}} {{filename}}"
},
{
"description": "Change only the type part of SELinux security context",
"command": "chcon {{-t|--type}} {{type}} {{filename}}"
},
{
"description": "Change only the range/level part of SELinux security context",
"command": "chcon {{-l|--range}} {{range/level}} {{filename}}"
}
],
"tldr_source": "official",
"flags": [
{
"flag": "",
"long": "--dereference",
"arg": null,
"description": "affect the referent of each symbolic link (this is the default), rather than the sym‐ bolic link itself"
},
{
"flag": "-h",
"long": "--no-dereference",
"arg": null,
"description": "affect symbolic links instead of any referenced file"
},
{
"flag": "-u",
"long": "--user",
"arg": null,
"description": "set user USER in the target security context"
},
{
"flag": "-r",
"long": "--role",
"arg": null,
"description": "set role ROLE in the target security context"
},
{
"flag": "-t",
"long": "--type",
"arg": null,
"description": "set type TYPE in the target security context"
},
{
"flag": "-l",
"long": "--range",
"arg": null,
"description": "set range RANGE in the target security context"
},
{
"flag": "",
"long": "--no-preserve-root",
"arg": null,
"description": "do not treat '/' specially (the default)"
},
{
"flag": "",
"long": "--preserve-root",
"arg": null,
"description": "fail to operate recursively on '/' --reference=RFILE use RFILE's security context rather than specifying a CONTEXT value"
},
{
"flag": "-R",
"long": "--recursive",
"arg": null,
"description": "operate on files and directories recursively"
},
{
"flag": "-v",
"long": "--verbose",
"arg": null,
"description": "output a diagnostic for every file processed The following options modify how a hierarchy is traversed when the -R option is also speci‐ fied. If more than one is specified, only the final one takes effect."
},
{
"flag": "-H",
"long": null,
"arg": null,
"description": ""
},
{
"flag": "-L",
"long": null,
"arg": null,
"description": ""
},
{
"flag": "-P",
"long": null,
"arg": null,
"description": "--help display this help and exit"
},
{
"flag": "",
"long": "--version",
"arg": null,
"description": "output version information and exit"
}
],
"examples": [],
"see_also": [],
"section_outline": [
{
"name": "NAME",
"lines": 2,
"subsections": []
},
{
"name": "SYNOPSIS",
"lines": 4,
"subsections": []
},
{
"name": "DESCRIPTION",
"lines": 5,
"subsections": [
{
"name": "--dereference",
"lines": 3,
"long": "--dereference"
},
{
"name": "-h --no-dereference",
"lines": 2,
"flag": "-h",
"long": "--no-dereference"
},
{
"name": "-u --user",
"lines": 2,
"flag": "-u",
"long": "--user"
},
{
"name": "-r --role",
"lines": 2,
"flag": "-r",
"long": "--role"
},
{
"name": "-t --type",
"lines": 2,
"flag": "-t",
"long": "--type"
},
{
"name": "-l --range",
"lines": 2,
"flag": "-l",
"long": "--range"
},
{
"name": "--no-preserve-root",
"lines": 2,
"long": "--no-preserve-root"
},
{
"name": "--preserve-root",
"lines": 5,
"long": "--preserve-root"
},
{
"name": "-R --recursive",
"lines": 2,
"flag": "-R",
"long": "--recursive"
},
{
"name": "-v --verbose",
"lines": 5,
"flag": "-v",
"long": "--verbose"
},
{
"name": "-H",
"lines": 1,
"flag": "-H"
},
{
"name": "-L",
"lines": 1,
"flag": "-L"
},
{
"name": "-P",
"lines": 2,
"flag": "-P"
},
{
"name": "--version",
"lines": 2,
"long": "--version"
}
]
},
{
"name": "AUTHOR",
"lines": 2,
"subsections": []
},
{
"name": "REPORTING BUGS",
"lines": 3,
"subsections": []
},
{
"name": "COPYRIGHT",
"lines": 5,
"subsections": []
},
{
"name": "SEE ALSO",
"lines": 6,
"subsections": []
}
]
}
}