Bug 1122118
Summary: | Postgresql won't start if user postgres is locked (/sbin/nologin). | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Andrew Riell <ariell> | |
Component: | postgresql | Assignee: | Pavel Raiskup <praiskup> | |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.5 | CC: | cww, databases-maint, hhorak, ktoyama | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1122143 (view as bug list) | Environment: | ||
Last Closed: | 2016-08-10 21:09:22 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1002711, 1075802, 1122143, 1172231, 1269194 |
Description
Andrew Riell
2014-07-22 14:53:09 UTC
(In reply to Andrew Riell from comment #0) > Description of problem: > SCAP security guide recommends that all UIDs < 500 (except root) be disabled > from login by setting their shell to /sbin/nologin. If you disable the > postgres user this way, then postgresql will not start via 'service > postgresql start' Thanks for reporting this. > As SCAP gets more integrated into RHEL in 7, and more people start using > openscap functionality, this will become even more important. So, even if > this doesn't get fixed in RHEL 6, it needs to be fixed in RHEL 7. Well, in RHEL 7 there is a problem only with 'postgresql-setup' and database initialization (which is usually one-shot command). The command 'systemctl start postgresql' (or service postgresql start) itself is not affected. > Fix, add '-s /bin/bash' to runuser command lines in the > /etc/init.d/postgresql script. You seem to be correct here. FTR: fixed in RHSCL 2.0 (rh-postgresql94) postgresql-setup commit: https://fedorapeople.org/cgit/praiskup/public_git/postgresql-setup.git/commit/?id=82b9bab207ea3cc351581bab89abce48cff2ad12 |