DTT

How To Disable SELinux on CentOS 7

Published: September 14, 2017 (Updated: Sep 14, 2017)
#SELinux #CentOS 7 #Linux Administration

Enjoying this content? Subscribe to the Channel!

Stop the Headaches: How to Safely Disable SELinux on CentOS 7 Permanently

Welcome to Darren’s Tech Tutorials! If you’ve ever tried setting up a web server or a new application on CentOS 7 only to be met with frustrating permission errors, chances are SELinux (Security-Enhanced Linux) was the culprit.

While SELinux is a crucial security feature designed to limit the privileges of processes, it often causes unintended conflicts when installing or configuring common services. If you already have a robust firewall setup (like firewalld or iptables), disabling SELinux is a common, practical step many administrators take to ensure smooth operations.

This quick, comprehensive guide will walk you through the process of temporarily and permanently disabling SELinux on your CentOS 7 system, minimizing disruption and maximizing functionality.

What is SELinux and Why Would I Disable It?

SELinux operates based on security policies, restricting what files and resources processes can access. It runs in one of three modes:

  1. Enforcing: Blocks all unauthorized actions (the default).
  2. Permissive: Logs warnings but allows unauthorized actions (helpful for troubleshooting).
  3. Disabled: Completely off.

If you are running a simple home server, a development environment, or if you rely primarily on network-level security (your firewall and physical network security), SELinux can often be safely turned off to eliminate configuration headaches.

A Quick Security Note: When you disable SELinux, you are reducing one layer of protection. Always ensure your firewall settings are locked down and that your system is patched and updated!

Step 1: Temporarily Disabling SELinux (Runtime Change)

If you are currently experiencing an issue and want to verify if SELinux is the cause immediately, you can temporarily disable it without rebooting.

This change takes effect instantly but will not persist after the system reboots.

Open your terminal and execute the following command:

sudo setenforce 0
  • setenforce 0 sets the system to Permissive mode.
  • To set it to Disabled immediately (temporarily), you can sometimes use setenforce Disabled, but switching the system configuration file (Step 2) is the proper method for full disablement.

How to Check the Current Status

You can verify the current operational status using the sestatus command:

sestatus

If the output shows Current mode: permissive, you have successfully disabled it temporarily. Now let’s make that change stick!

Step 2: Permanently Configuring SELinux

To ensure SELinux remains disabled even after a system reboot, we need to edit its configuration file.

We will use the powerful vi editor, which is standard on CentOS systems.

Open the SELinux configuration file:

sudo vi /etc/sysconfig/selinux

Once the file is open, look for the line that defines the SELINUX status. It likely looks like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing

Use your arrow keys to navigate to the SELINUX=enforcing line.

  1. Press i to enter INSERT mode in vi.

  2. Change the line from SELINUX=enforcing to:

    SELINUX=disabled

  3. Press Esc to exit INSERT mode.

  4. Type :wq (write and quit) and hit Enter to save the changes.

Step 3: Reboot and Verify

The permanent configuration change (setting the policy to disabled) requires a full system reboot to take effect. The temporary commands from Step 1 are overridden when the system reads the new configuration file upon startup.

Reboot your CentOS 7 machine using the command:

sudo init 6

Wait a moment for your system to restart and then log back in.

Final Verification

Once logged back into the terminal, run the status check one last time:

sestatus

The output should now clearly reflect that SELinux is permanently off:

SELinux status:                 disabled

Congratulations! You have successfully and permanently disabled SELinux on your CentOS 7 installation. You should now find that common services and applications behave exactly as expected without interference from security contexts.

What’s Next?

Now that you’ve wrestled SELinux into submission, your CentOS 7 system is ready for the exciting stuff! You can confidently move forward with installing web servers, database systems, or any other application that previously encountered permission barriers.

If you found this guide helpful, hit that Like button, subscribe to Darren’s Tech Tutorials for more clear, actionable guides, and drop a comment below telling us what project you’re building next! Happy coding!