SELinux (Security-Enhanced Linux) is a security module integrated into the Linux system that provides a system administrator an ability to have more control over the system access, security policies, including MAC (Mandatory Access Control). It limits or restricts programs, and cron jobs ability to access files, what actions they can perform by defining a security policy.
SELinux protects against misuse and unauthorized access as it:
- Restricts reading data and programs
- Restricts modifying data and programs
- Stops any program who try to bypass the security mechanism
- Restricts interfering with another process
- Prevents information security lapses
SELinux service is enabled by default when you install CentOS. Some applications may not be supporting this security mechanism, and so to make these applications work, we may need to disable or turn off SELinux. In this article, we will show you step by step procedure of disabling SELinux temporarily or permanently.
Check SELinux Status
Before we make any change to the SELinux service, we first need to check the current status of SELinux. We can do that using below command:
$ sestatus
check SELinux status
After checking the status, we need to disable SELinux. It can be disabled temporarily or permanently as you wish.
Disable SELinux Temporarily
To disable SELinux temporarily, use the following command:
# echo 0 > /selinux/enforce
Alternatively, you can use the setenforce tool as follows:
# setenforce 0
Else, use the Permissive option instead of 0 as below:
# setenforce Permissive
This method will only disable SELinux temporarily until the next reboot. It comes in handy when you want to disable SELinux for the troubleshooting session you are in. When done with fixing, you can reboot the system, so that stays protected.
Disable SELinux Permanently
To permanent disable SELinux, let’s open the config file in the path ‘/etc/sysconfig/selinux’ and edit it using Vi editor.
# vi /etc/sysconfig/selinux
disable SELinux by changing file
Carefully, change the directive SELinux=enforcing to SELinux=disabled as shown in the below image.
disable SELinux by changing the status
Now save and exit the file. Finally, reboot system for changes to take effect, and recheck the SELinux status to confirm.
$ sestatus
check SELinux status after reboot
Conclusion
That’s all about disabling SELinux temporarily and permanently. We hope you enjoyed this short tutorial. Do you perform system administration activities? When did you feel SELinux is on your way and had to disable it? Please leave a comment below mentioning your situation so that our readers can learn from it. Sharing is caring!
