You need a database and the package manager stalls
You just finished writing a backend service and need a reliable relational database. You run the install command, but the service refuses to start, or the terminal drops you into a shell where you cannot connect to any database. Fedora ships PostgreSQL in a clean, secure state. That security posture means the default configuration refuses remote connections and requires local peer authentication. You have to initialize the data directory and adjust the authentication rules before your application can talk to the server.
What the installation actually does
PostgreSQL does not run as a single monolithic process. It uses a client-server architecture where a central postmaster process listens for connections and spawns backend processes for each active session. The data lives in a cluster directory, usually /var/lib/pgsql/data. When you install the package, Fedora gives you the binaries and the configuration templates. It does not create the data directory or the default administrative user. You must run the initialization script to generate the cluster files, set the default locale, and create the postgres system user. Think of the initialization step like formatting a drive and creating the root filesystem before you can mount it. Without that step, the systemd unit has nothing to start.
Run journalctl -xe after any service failure. The explanatory text flag reveals the exact line in the config file that caused the abort.
Install and initialize the cluster
The base package contains the server daemon and core utilities. The postgresql-contrib package adds extension modules like pgcrypto for hashing, hstore for key-value storage, and pg_trgm for text search. Install both to avoid missing dependency errors later.
Here is how to pull the packages and prepare the data directory.
sudo dnf install postgresql-server postgresql-contrib -y
# -y skips the confirmation prompt so the transaction runs unattended
# postgresql-contrib ships extensions that many ORMs and tools expect by default
sudo postgresql-setup --initdb
# --initdb creates /var/lib/pgsql/data, sets ownership to the postgres user,
# and generates the default postgresql.conf and pg_hba.conf files
sudo systemctl enable --now postgresql
# enable creates the systemd symlink for boot persistence
# --now starts the service immediately without requiring a second command
The initialization script runs as root because it must create directories outside the normal user home path and set strict ownership permissions. The postgres system user is created automatically if it does not already exist. The systemd unit expects the data directory to be owned exclusively by that user. Any deviation in ownership will cause the service to fail on startup.
Check the service state before you attempt to connect. systemctl status postgresql shows the active state and the last five log lines in one view.
Configure the server for real work
PostgreSQL reads two primary configuration files. postgresql.conf controls memory allocation, connection limits, and network binding. pg_hba.conf controls client authentication and IP allowlisting. Both files live in /etc/postgresql/16/main/ on modern Fedora releases. Never edit the templates in /usr/lib/pgsql/data/. Those files ship with the package and get overwritten on every dnf upgrade. Always work in /etc/.
Here is how to adjust the network binding so remote clients can reach the server.
# /etc/postgresql/16/main/postgresql.conf
# listen_addresses = 'localhost'
listen_addresses = '*'
# '*' tells the postmaster to bind to all available network interfaces
# Uncommenting this line replaces the default localhost-only restriction
Here is how to update the authentication rules to allow password-based logins from your local network.
# /etc/postgresql/16/main/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
host all all 192.168.1.0/24 scram-sha-256
# scram-sha-256 is the default password encryption method since PostgreSQL 14
# md5 is deprecated and will be removed in future major releases
# The order matters. PostgreSQL stops at the first matching line
Reload the configuration after every edit. The systemctl reload postgresql command applies changes without dropping active connections. If you skip the reload, the runtime configuration and the persistent configuration diverge, which causes confusing behavior during debugging.
Restart the service if you changed listen_addresses. Network binding requires a full daemon restart to release and rebind the sockets.
Verify the connection
The postgres user is the default superuser created during initialization. It maps to the operating system user of the same name. Switch to that user to test the local peer authentication path.
Here is how to open a local shell and run a basic query.
sudo -i -u postgres
# -i simulates a full login shell with the postgres user environment
# -u specifies the target user for the sudo session
psql -c "SELECT version();"
# -c runs a single command and exits immediately
# This confirms the server is running and accepting local queries
You should see output similar to PostgreSQL 16.x on x86_64-fedora-linux-gnu, compiled by gcc (GCC) 14.x.x, 64-bit. If the command returns that string, the cluster is healthy and the authentication chain is working. Run systemctl status postgresql one more time to confirm the unit shows active (running) with no recent error lines.
Test the remote connection from your application host before you commit the configuration to version control. A working psql connection proves the firewall and routing rules are correct.
Common pitfalls and what the error looks like
The most frequent failure is an authentication mismatch. The default pg_hba.conf uses peer authentication for local Unix sockets. That method requires the operating system username to match the PostgreSQL username exactly. If you try to connect as your regular user, the server rejects the request.
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "postgres"
Switch to the postgres user with sudo -i -u postgres or change the local line in pg_hba.conf to scram-sha-256. Reload the service after the change.
The second common failure is a refused connection on the network interface. This happens when listen_addresses is still set to localhost or when the firewall blocks port 5432.
psql: error: could not connect to server: Connection refused
Is the server running on host "192.168.1.10" and accepting
TCP/IP connections on port 5432?
Verify the binding with ss -tlnp | grep 5432. If the output shows 127.0.0.1:5432, the server is only listening locally. Update postgresql.conf and restart. Open the port in firewalld with sudo firewall-cmd --permanent --add-service=postgresql followed by sudo firewall-cmd --reload. The persistent and runtime configurations must match.
SELinux denials appear as one-line summaries in journalctl -t setroubleshoot. The policy usually blocks non-standard data directories or custom socket paths. Read the denial message before disabling the security module. Adjust the file context with semanage fcontext and restore it with restorecon instead of switching to permissive mode.
Check the socket path before you guess. Half the time the client is looking in /tmp while the server wrote to /var/run/postgresql.
When to use this vs alternatives
Use PostgreSQL when you need ACID compliance, complex joins, and a mature extension ecosystem for geospatial or full-text search. Use SQLite when you are building a single-user application or an embedded tool that does not require concurrent network access. Use MariaDB when your stack depends on MySQL-compatible syntax or legacy PHP applications. Use a managed cloud database when you want automated backups, patching, and horizontal scaling without managing systemd units. Stay on the Fedora package when you want seamless integration with dnf, SELinux policies, and the system firewall.
Pick the tool that matches your concurrency model. Database choice dictates your deployment architecture.