How to disable SELinux in CentOS 7

In CentOS 7, based on the open Linux kernel has a built-in security system called SELinux (Security Enhanced Linux). Thanks to this tool ensures the control of access controls. The administrator edits present policy, thereby tuning the optimum configuration utility. In the absence of rights to resolve the access is denied — this model applies to settings and other parameters. In view of the above, the tool determine the interaction between processes and users sometimes should be disabled. Today we would like to show two methods of carrying out this operation.

Disable SELinux in CentOS

The developers recommend to always keep the SELinux operating mode to”enforcing” — enforcement of rules. If the administrator will need to change this mode to “disabled”, it can be done in a single session, or permanently, by making changes to the configuration file. First check the current status of the utility to decide whether to disable it or not. For this produce just one command:

  • Run “Terminal” in any convenient method, for example, via the menu “Applications”.
  • Enable permanent superuser access by typing su -. After this, you will need to enter the password from root access. Written so the characters are never shown for security reasons.
  • Activate the command sestatusby inserting it and pressing Enter.
  • Find the line “SELinux status”to show the current status. If it is not disabled, then the tool is in active working condition.
  • Thus, using the built-in command you can quickly check the status of the built-in security system. Then I advise you to read with two methods of disabling SELinux that will be most useful in different situations.

    Method 1: Disable the current session

    Usually SELinux is disabled in order to check any OS settings or bug fixes. It is sufficient that the utility was disabled for a terminal session. It does not need to modify the configuration file, use the command sudo setenforce 0, where 0 is the shutdown value.

    To ensure that the protection was successfully disabled. After launching a new system platform it will continue its work in normal mode, that is specified in the configuration file. Don’t forget that after each restart of the OS the command given above will have to register again to re-disable SELinux.

    Method 2: Permanently disable

    Permanently disabling SELinux is active even after reboot of the OS, because the parameter can be set via the configuration file. As you might already know, change will have to manually. For this we recommend to use any convenient text editor.

  • Today for example we take the editor nano. Installed packages this app with the command sudo yum install nano.
  • To continue installation you will need to enter the password of the account superuser.
  • After successful installation, run the configuration file through this editor by typing sudo nano /etc/selinux/config.
  • Among all lines find the “SELINUX=”.
  • After the sign “=” , replace expression specified there for the disabled.
  • Save the settings by pressing the key combination Ctrl + O.
  • Do not change the file name to write, just click to Enter.
  • To exit the editor use Ctrl + X.
  • All settings are saved and activated after the restart of the OS, so in the console, paste line sudo shutdown-r now.
  • After performing these actions the security system will be active only after you change its value back to “enabled”, “enforcing” or “permissive”. Otherwise it will remain disabled always, in any action by the user or processes. Is that possible at the current session to enable SELinux via the command sudo setenforce 1.

    Each user chooses the most appropriate method of disconnection is considered today tool, because they differ in principle. In General, in both cases, the procedure is quite simple and will not cause difficulties even for inexperienced users.

    Source: lumpics.ru

    (Visited 57 times, 1 visits today)