Summary says it all. Cloning for RHEL7.
+++ This bug was initially created as a clone of Bug #1122118 +++
The workaround is to edit /etc/rc.d/init.d/postgresql, but it only lasts until
the next postgresql upgrade.
Fix, add '-s /bin/bash' to runuser command lines in the /etc/init.d/postgresql
--- Additional comment from Pavel Raiskup on 2014-07-22 17:52:22 CEST ---
(In reply to Andrew Riell from comment #0)
> Description of problem:
> SCAP security guide recommends that all UIDs < 500 (except root) be disabled
> from login by setting their shell to /sbin/nologin. If you disable the
> postgres user this way, then postgresql will not start via 'service
> postgresql start'
Thanks for reporting this.
> As SCAP gets more integrated into RHEL in 7, and more people start using
> openscap functionality, this will become even more important. So, even if
> this doesn't get fixed in RHEL 6, it needs to be fixed in RHEL 7.
Well, in RHEL 7 there is a problem only with 'postgresql-setup' and database
initialization (which is usually one-shot command). The command 'systemctl
start postgresql' (or service postgresql start) itself is not affected.
> Fix, add '-s /bin/bash' to runuser command lines in the
> /etc/init.d/postgresql script.
You seem to be correct here.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.