Red Hat Bugzilla – Bug 1122143
Postgresql won't start if user postgres is locked (/sbin/nologin).
Last modified: 2016-12-13 15:00:06 EST
Summary says it all. Cloning for RHEL7. +++ This bug was initially created as a clone of Bug #1122118 +++ Resolution: The workaround is to edit /etc/rc.d/init.d/postgresql, but it only lasts until the next postgresql upgrade. Fix, add '-s /bin/bash' to runuser command lines in the /etc/init.d/postgresql script. Additional info: --- Additional comment from Pavel Raiskup on 2014-07-22 17:52:22 CEST --- (In reply to Andrew Riell from comment #0) > Description of problem: > SCAP security guide recommends that all UIDs < 500 (except root) be disabled > from login by setting their shell to /sbin/nologin. If you disable the > postgres user this way, then postgresql will not start via 'service > postgresql start' Thanks for reporting this. > As SCAP gets more integrated into RHEL in 7, and more people start using > openscap functionality, this will become even more important. So, even if > this doesn't get fixed in RHEL 6, it needs to be fixed in RHEL 7. Well, in RHEL 7 there is a problem only with 'postgresql-setup' and database initialization (which is usually one-shot command). The command 'systemctl start postgresql' (or service postgresql start) itself is not affected. > Fix, add '-s /bin/bash' to runuser command lines in the > /etc/init.d/postgresql script. You seem to be correct here.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2606.html