Learn How to Disable Selinux in CentOS 7
In this tutorial we are going to learn how to disable selinux in CentOS 7. Selinux is there to make your CentOS 7 server more secure, But sometimes you may need to turn off selinux anyway.
This method works on any previous version of CentOS Linux, including CentOS 6.5 and CentOS 5. Also, you can use this method on any redhat based Linux distribution, including Red Hat Enterprise Linux (RHEL 7), Fedora, Oracle Linux and Scientific Linux.
CentOS Selinux Modes
Before you disable CentOS 7 Selinux, you need to know what are the available Selinux mode are.
There are three Selinux modes in CentOS 7
- Enforcing = Selinux is enabled and Enforcing
- Disabled = Selinux is disabled
- Permissive = Selinux is on, but only prints warnings instead of Enforcing.
Disable Selinux in CentOS 7
There are two ways we can disable selinux on CentOS 7, We can turn off selinux permanently using the configuration file or stop temporarily using setenforce command.
Disable Selinux Permanently in CentOS 7
To disable selinux permanently, we need to set SELINUX=disabled in /etc/sysconfig/selinux file.
So open the configuration file in a text editor and look for the line that reads SELINUX=. Then change the value to disabled.
SELINUX=disabled
Once it is done, you need to restart your CentOS 7 server in order to change to be effective.
systemctl reboot
Disable Selinux Temporarily on CentOs 7
To disable selinux temporarily in CentOS 7, we use setenforce command followed by the value (0 = Permissive, 1 = Enable/Enforcing).
setenforce 0
This will set selinux mode to Permissive, To re enable, type
setenforce 1
The setenforce command does not require to reboot the centos system.
When you change selinux mode using setenforce command, it won’t be permanent because, when the server reboot, it reads the /etc/sysconfig/selinux file and set the selinux mode to value defined there.
View Selinux Status
To view selinux status use either sestatus command or getenforce command.
sestatus
getenforce
Turning selinux off is not recommended, instead you should configure the selinux as you want, using commands like setsebool. So always try to keep selinux enable.