From Linux Bash Shell Scripting Tutorial Wiki

The Apache HTTP Server is web server software for Linux, UNIX, Windows and many other platforms. However, the majority of web servers using Apache run a Linux / Unix-like operating system. Apache is written in the C programming language. Apache is used to serve static content (such as images and JavaScript files) and dynamic web pages created by PHP, Perl, or Python. Many open source web applications are designed expecting the environment and features that Apache provides. One such feature is mod_rewrite, which can be used to generate search engine friendly URLs and perform other tasks without modifying the httpd.conf file.


httpd is the Apache HyperText Transfer Protocol (HTTP) daemon, i.e. the server program. httpd_selinux is the Security Enhanced Linux policy for the httpd daemon under Fedora, Red Hat, and CentOS Linux. It secures the httpd server via flexible mandatory access control. The SELinux httpd policy is very flexible, allowing users to set up their web services in as secure a manner as possible.

SELinux and httpd contexts

The following file context types are defined for httpd:

  1. httpd_sys_content_t : Set files with httpd_sys_content_t for content which is available from all httpd scripts and the daemon.
  2. httpd_sys_script_exec_t : Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
  3. httpd_sys_script_ro_t : Set files with httpd_sys_script_ro_t if you want httpd_sys_script_exec_t scripts to read the data, and disallow other sys scripts from access.
  4. httpd_sys_script_rw_t : Set files with httpd_sys_script_rw_t if you want httpd_sys_script_exec_t scripts to read/write the data, and disallow other non sys scripts from access.
  5. httpd_sys_script_ra_t : Set files with httpd_sys_script_ra_t if you want httpd_sys_script_exec_t scripts to read/append to the file, and disallow other non sys scripts from access.
  6. httpd_unconfined_script_exec_t : Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for very complex httpd scripts, after exhausting all other options. It is better to use this type than to turn off SELinux protection for httpd.
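
The context types listed above can be checked mechanically. The following is an added example, not part of the original wiki page: a shell function that reads "CONTEXT PATH" pairs (the format printed by stat -c '%C %n') and reports files that are unconfined or carry a type not listed on this page. The function names audit_httpd_contexts and sample_contexts, and all sample paths, are hypothetical and constructed for illustration.

```shell
#!/bin/bash
# Added example: audit SELinux types on web content.
# Input : one "CONTEXT PATH" pair per line, e.g. from
#         find /var/www -exec stat -c '%C %n' {} + | audit_httpd_contexts
# Output: one "STATUS TYPE PATH" line for each file that needs review.

audit_httpd_contexts() {
    while read -r context path; do
        [ -n "$context" ] || continue
        # A context is user:role:type:level; the type is the third field.
        type=$(printf '%s\n' "$context" | cut -d: -f3)
        case "$type" in
            # Confined types from the list above; r[owa] covers _ro_t, _rw_t, _ra_t.
            httpd_sys_content_t|httpd_sys_script_exec_t|httpd_sys_script_r[owa]_t)
                ;;
            # Runs without SELinux protection: the list above calls this a last resort.
            httpd_unconfined_script_exec_t)
                echo "UNCONFINED $type $path" ;;
            # Not one of the types listed on this page: review the label.
            *)
                echo "UNEXPECTED $type $path" ;;
        esac
    done
}

# Constructed sample input (not captured from a real host).
sample_contexts() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
system_u:object_r:httpd_sys_script_exec_t:s0 /var/www/cgi-bin/form.cgi
unconfined_u:object_r:user_home_t:s0 /var/www/html/upload.tar
system_u:object_r:httpd_unconfined_script_exec_t:s0 /var/www/cgi-bin/legacy.cgi
system_u:object_r:httpd_sys_script_rw_t:s0 /var/www/data/counter.txt
EOF
}

# Run the audit over the sample so the script works without SELinux installed.
sample_contexts | audit_httpd_contexts
```

Files reported as UNEXPECTED are not necessarily wrong, since the installed policy may define further httpd types; the report only lists what falls outside the six types described here.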

How do I configure httpd SELinux contexts?

Use the setsebool command to change the SELinux booleans for httpd. In this example, CGI scripts are allowed to execute by turning on httpd_enable_cgi (the -P option makes the setting persist across reboots):

setsebool -P httpd_enable_cgi 1

To verify or view the current settings, use the getsebool command.

How do I start / stop / restart Apache server?

Use the service command as follows to start, stop, and restart the Apache server:

service httpd start
service httpd stop
service httpd restart


httpd.conf is the default Apache web server configuration file. It stores information on various functions of the server. This file can be edited with a text editor such as vi:

cd /etc/httpd/conf/
vi httpd.conf
