Disable SELinux for only Apache / httpd in Linux

Posted on in Categories , , , , , last updated July 18, 2008

Q. How do I disable SELinux protection for only Apache web server in Linux? I’m using CentOS Linux server.

A. You can disable Apache SELinux protection easily. Please keep in mind that by disabling SELinux for apache you are inviting more security related problems.

Disable Apache SELinux Protection

Open /etc/selinux/targeted/booleans file using a text editor:
# vi /etc/selinux/targeted/booleans
Append or modify value for httpd_disable_trans as follows:
httpd_disable_trans=1
Save and close the file. Type the following two commands:
# setsebool httpd_disable_trans 1
# /etc/init.d/httpd restart

GUI tool to disable SELinux for Apache

Open a shell prompt
Type the command system-config-securitylevel
system-config-securitylevel &
Next select SELinux tab > click on Disable SELinux protection for httpd daemon checkbox > Save the changes
Finally restart httpd service:
# /etc/init.d/httpd restart

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on:

5 comment

  4. Sure, disabling core security features. What could possibly go wrong? Great advice there.

    It *is* great advice, when you’re doing an engineering environment intranet server that already runs with mostly wide-open permissions, and 30-40 TB of NetApp disk that doesn’t support chcon(). :-)

    Even if the filers did have the appropriate extended attribute support, it would be a waste of time maintaining it for that application.

    Jay

    Reply Report comment

Leave a Comment

Tagged as: Tags , , , , , , , , , , , , , , ,