Disable SELinux for only Apache / httpd in Linux

September 13, 2007July 18, 2008in Apache, CentOS, Linux, RedHat and Friends, Security, Troubleshooting last updated July 18, 2008

Q. How do I disable SELinux protection for only Apache web server in Linux? I’m using CentOS Linux server.

A. You can disable Apache SELinux protection easily. Please keep in mind that by disabling SELinux for apache you are inviting more security related problems.

Disable Apache SELinux Protection

Open /etc/selinux/targeted/booleans file using a text editor:
# vi /etc/selinux/targeted/booleans
Append or modify value for httpd_disable_trans as follows:
httpd_disable_trans=1
Save and close the file. Type the following two commands:
# setsebool httpd_disable_trans 1 # /etc/init.d/httpd restart

GUI tool to disable SELinux for Apache

Open a shell prompt
Type the command system-config-securitylevel
system-config-securitylevel &
Next select SELinux tab > click on Disable SELinux protection for httpd daemon checkbox > Save the changes
Finally restart httpd service:
# /etc/init.d/httpd restart

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

Become a Supporter Make a contribution via Paypal/Bitcoin

5 comment

Crazy says:
March 24, 2008 at 1:16 pm
setsebool httpd_disable_trans 1
Could not change active booleans: Invalid boolean
TDF says:
July 10, 2008 at 11:47 pm
Did you edit the file and put the whole string in? I have done the above and it works fine if the file just contains 1.
snerd says:
July 18, 2008 at 6:40 am
Sure, disabling core security features. What could possibly go wrong? Great advice there.
JayBat says:
February 11, 2009 at 1:41 am
Sure, disabling core security features. What could possibly go wrong? Great advice there.
It *is* great advice, when you’re doing an engineering environment intranet server that already runs with mostly wide-open permissions, and 30-40 TB of NetApp disk that doesn’t support chcon(). :-)
Even if the filers did have the appropriate extended attribute support, it would be a waste of time maintaining it for that application.
Jay
Yo says:
April 19, 2012 at 10:13 pm
JayBat : In this case, don’t ever bother activating SELinux.
put
“SELINUX=disabled”
into /etc/selinux/config

Have a question? Post it on our forum!

Tagged as: /etc/selinux/targeted/booleans, apache disable selinux, apache selinux, apache web server, centos linux, could not change boolean, disable selinux, disable selinux apache, disable selinux for apache httpd, disable selinux httpd, httpd, httpd disable trans, linux server, se-linux protection howto disable, selinux apache, selinux httpd

Disable Apache SELinux Protection

GUI tool to disable SELinux for Apache

Posted by: Vivek Gite

Share this on (or read 5 comments/add one below):

5 comment