Shulou(Shulou.com)06/01 Report--

This article mainly introduces Redhat Enterprise Linux how to close SELinux, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to know about it.

Red Hat Enterprise Linux 4 includes an implementation of SELinux. SELinux represents the major changes in the communication between users, programs, and processes. In this release, SELinux is installed by default and enabled for use.

During installation, you can choose to disable SELinux, set it to log only warnings, or use its targeting policy that is only valid in the following daemons: dhcpd, httpd, mysqld, named, nscd, ntpd, portmap, postgres, snmpd, squid, syslogd

The targeting policy is enabled by default.

Red Hat Enterprise Linux 4 uses extended attributes on the ext2/ext3 file system to support SELinux. This means that when a file is written to the default mounted ext2/ext3 file system, an extended property is also written.

This may cause some problems when the system has a dual boot of Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 2.1. The Red Hat Enterprise Linux2.1 kernel does not support extended attributes of files, and the system may crash when it encounters extended attributes of files.

Some Linux desktop users may need to turn off SELinux after installing Redhat Enterprise Linux 4.0. The correct way to do this is:

Change the SELINUX= "" in the / etc/selinux/config file to disabled, and then restart.

By wangzhijun, # 24. January 2006, 04:09:06

Apache and MySQL settings in SELinux

Fedora Core 3 activates the SELinux option by default during installation. SELinux provides higher security than the normal Linux kernel. In theory, when the system is overflowed due to unknown vulnerabilities, it is impossible for the average user to get the privileges of the superuser. However, it is because of the improved security of SELinux that some problems that we have never encountered before will occur when we use it.

I encountered some problems the other day when I used Fedora Core 3 to build the WebServer of PHP+MySQL. Now tidy up, if you also encounter the same problem, then, after reading this article, you should be able to solve it easily.

1. Apache-Document root must be a directory problem. There is also the problem of forbidden access to 403 Forbidden that may be concurrent with this problem.

Phenomenon description:

Instead of using the system default / var/www/html as the Document Root of the system, create a new directory and modify the configuration in / etc/httpd/conf/httpd.conf, then restart the Daemon of Apache and find that Apache cannot be started, and the system reports an error:

Document root must be a directory

However, the DocumentRoot we set up is indeed a directory, and the apache user has readable permissions.

Another situation: after creating a new virtual directory or file, cannot access, display Forbidden, 403 Error, but the file or directory has readable permissions.

The cause of the problem: at first I couldn't figure out why, but it felt like a question of permission. With the traditional Linux way of thinking, there is absolutely no problem with permission. But when you think about it, will SELinux have other security settings?

Check avc message, look at the / var/log/messages file, and find a paragraph similar to the following:

Dec 24 17:54:59 hostname kernel: audit (1098222899.827): avc:\ denied {getattr} for pid=19029 exe=/usr/sbin/httpd\ path=/var/www/html/about.html dev=dm-0 ino=373900\ scontext=root:system_r:httpd_t tcontext=user_ubject_r:user_home_t\ tclass=file

Hey, hey, here's the problem, and it's really the new features of SELinux. I set the directory or file to the user_home_t type, so the apache process does not have permissions and cannot be accessed. The SELinux target policy used by processes for Apache specifies that processes in apache can only access directories or files of type httpd_sys_content_t.

Solution:

Simply change the policy type of the directory or file to httpd_sys_content_t

Use root users

# chcon-t httpd_sys_content_t directory name or file name

You can then use the ls-laZ command to view the policy type of the file directory

So you can successfully finish Redhat Enterprise Linux and shut down SELinux.

Thank you for reading this article carefully. I hope the article "how Redhat Enterprise Linux shuts down SELinux" shared by the editor will be helpful to everyone. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.