Disable SELinux for only Apache / httpd in Linux

Q. How do I disable SELinux protection for only Apache web server in Linux? I’m using CentOS Linux server.

A. You can disable Apache SELinux protection easily. Please keep in mind that by disabling SELinux for apache you are inviting more security related problems.

ADVERTISEMENTS

Disable Apache SELinux Protection

Open /etc/selinux/targeted/booleans file using a text editor:
# vi /etc/selinux/targeted/booleans
Append or modify value for httpd_disable_trans as follows:
httpd_disable_trans=1
Save and close the file. Type the following two commands:
# setsebool httpd_disable_trans 1
# /etc/init.d/httpd restart

GUI tool to disable SELinux for Apache

Open a shell prompt
Type the command system-config-securitylevel
system-config-securitylevel &
Next select SELinux tab > click on Disable SELinux protection for httpd daemon checkbox > Save the changes
Finally restart httpd service:
# /etc/init.d/httpd restart

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
5 comments… add one
  • Crazy Mar 24, 2008 @ 13:16

    setsebool httpd_disable_trans 1
    Could not change active booleans: Invalid boolean

  • TDF Jul 10, 2008 @ 23:47

    Did you edit the file and put the whole string in? I have done the above and it works fine if the file just contains 1.

  • snerd Jul 18, 2008 @ 6:40

    Sure, disabling core security features. What could possibly go wrong? Great advice there.

  • JayBat Feb 11, 2009 @ 1:41

    Sure, disabling core security features. What could possibly go wrong? Great advice there.

    It *is* great advice, when you’re doing an engineering environment intranet server that already runs with mostly wide-open permissions, and 30-40 TB of NetApp disk that doesn’t support chcon(). :-)

    Even if the filers did have the appropriate extended attribute support, it would be a waste of time maintaining it for that application.

    Jay

  • Yo Apr 19, 2012 @ 22:13

    JayBat : In this case, don’t ever bother activating SELinux.
    put
    “SELINUX=disabled”
    into /etc/selinux/config

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.