Differences
This shows you the differences between two versions of the page.
selinux [2009/05/25 00:35] 127.0.0.1 external edit |
selinux [2012/10/15 11:58] (current) zagi old revision restored |
||
---|---|---|---|
Line 127: | Line 127: | ||
# semanage user -m -R" | # semanage user -m -R" | ||
+ | |||
+ | ===== 4 Effective Methods to Disable SELinux Temporarily or Permanently ===== | ||
+ | |||
+ | ==== Method 1: Disable SELinux Temporarily ==== | ||
+ | |||
+ | To disable SELinux temporarily you have to modify the / | ||
+ | |||
+ | # cat / | ||
+ | 1 | ||
+ | # echo 0 > / | ||
+ | # cat / | ||
+ | 0 | ||
+ | |||
+ | |||
+ | You can also use setenforce command as shown below to disable SELinux. Possible parameters to setenforce commands are: Enforcing , Permissive, 1 (enable) or 0 (disable). | ||
+ | |||
+ | # setenforce 0 | ||
+ | |||
+ | ==== Method 2: Disable SELinux Permanently ==== | ||
+ | |||
+ | |||
+ | To disable the SELinux permanently, | ||
+ | |||
+ | # cat / | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | Following are the possible values for the SELINUX variable in the / | ||
+ | |||
+ | * **enforcing** - The Security Policy is always Encoforced | ||
+ | * **permissive** - This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced. | ||
+ | * **disabled** - Completely disable SELinux | ||
+ | |||
+ | |||
+ | Following are the possible values for SELINUXTYPE variable in the / | ||
+ | |||
+ | * **targeted** - This policy will protected only specific targeted network daemons. | ||
+ | * **strict** - This is for maximum SELinux protection. | ||
+ | |||
+ | ==== Method 3: Disable SELinux from the Grub Boot Loader ==== | ||
+ | |||
+ | If you can’t locate / | ||
+ | |||
+ | < | ||
+ | # cat / | ||
+ | default=0 | ||
+ | timeout=5 | ||
+ | splashimage=(hd0, | ||
+ | hiddenmenu | ||
+ | title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5PAE) | ||
+ | root (hd0,0) | ||
+ | kernel / | ||
+ | initrd / | ||
+ | title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5) | ||
+ | root (hd0,0) | ||
+ | kernel / | ||
+ | initrd / | ||
+ | </ | ||
+ | |||
+ | ==== Method 4: Disable Only a Specific Service in SELinux - HTTP/Apache ==== | ||
+ | |||
+ | |||
+ | If you are not interested in disability the whole SELinux, you can also disable SELinux only for a specific service. For example, do disable SELinux for HTTP/Apache service, modify the httpd_disable_trans variable in the / | ||
+ | |||
+ | Set the httpd_disable_trans variable to 1 as shown below. | ||
+ | |||
+ | < | ||
+ | # grep httpd / | ||
+ | httpd_builtin_scripting=1 | ||
+ | httpd_disable_trans=1 | ||
+ | httpd_enable_cgi=1 | ||
+ | httpd_enable_homedirs=1 | ||
+ | httpd_ssi_exec=1 | ||
+ | httpd_tty_comm=0 | ||
+ | httpd_unified=1 | ||
+ | </ | ||
+ | |||
+ | Set SELinux boolean value using setsebool command as shown below. Make sure to restart the HTTP service after this change. | ||
+ | |||
+ | # setsebool httpd_disable_trans 1 | ||
+ | # service httpd restart | ||
+ |
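Review bot: Method 1 describes `setenforce 0` and writing 0 to the enforce file as disabling SELinux, but both only switch the running system to permissive mode: the policy stays loaded and denials are still logged, which is the behaviour the Method 2 list gives for **permissive**, not **disabled**. Suggest retitling Method 1 along the lines of "Switch SELinux to Permissive Mode Temporarily" and changing "1 (enable) or 0 (disable)" to "1 (enforcing) or 0 (permissive)", so readers do not assume the system is unconfined or, conversely, that auditing has stopped. In Method 4, `setsebool httpd_disable_trans 1` as written changes only the running value; say whether the edit to the booleans file or `setsebool -P` is what makes it persist across reboots, and note that this removes confinement from the whole httpd domain, so the narrower booleans already shown in the grep output (for example httpd_enable_cgi, httpd_enable_homedirs) are worth trying first. Typos to fix while here: "Encoforced" (enforced), "will protected" (will protect), "disability the whole SELinux" (disabling), "do disable SELinux for HTTP/Apache" (to disable).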