How To Configure SELinux For Web Servers

CentOS RHEL RedHat SELinux security www

SELinux blocks basic web server features by default, this is how you allow them

Corey Regan's avatar
Authored by Corey Regan
GitHubGitHubLinkedInTwitterTwitterInstagramInstagramCredly

Published on June 16, 2020

1 min read

SELinux is good at not allowing anything to happen on a system unless it is authorized. Here are a few handy commands that help me get a new web server up and running, and allowing its websites to send emails.

Web Servers

bash:Restore default permissions to www folders/files
chcon -Rv --user system_u --type httpd_sys_content_t /var/www/html/folder/or/file
bash:Make www folders/files writable
chcon -R -t httpd_sys_rw_content_t /var/www/html/folder/or/file

Postfix Mail Server

To allow HTTPd to send mail via Postfix, there is a SELinux boolean to set.

bash:verify functionality is disabled
getsebool httpd_can_sendmail
bash:If false (disabled), enable it. The -P flag denotes persistence (setting survives reboots)
setsebool -P httpd_can_sendmail 1
bash:Can also restore SELinux context to main.cf
restorecon -v /etc/postfix/main.cf
bash:Reset Postfix permissions
postfix set-permissions