PostgreSQL 14 is a stable and widely-supported version of the open-source relational database known for advanced features like incremental sorting, enhanced parallel processing, and improved JSON handling. Whether you need a reliable backend for web applications, a database for analytics and reporting, or a development environment for testing application logic, PostgreSQL 14 provides the flexibility and performance to handle these workloads effectively.
By the end of this guide, you will have PostgreSQL 14 fully installed on Fedora, with the database initialized, the service running on port 5432, and firewall rules configured for remote access. Additionally, you will learn how to create users and databases, configure authentication, and troubleshoot common issues.
Choose Your PostgreSQL Installation Method
Fedora provides PostgreSQL through its default repositories, but the version available may not match your requirements. As an alternative, the PostgreSQL Global Development Group (PGDG) maintains dedicated repositories with multiple PostgreSQL versions, giving you more control over which release to install.
| Method | Channel | Version | Updates | Best For |
|---|---|---|---|---|
| PGDG Repository | PostgreSQL RPM | 14.x (latest patch) | Automatic via DNF | Users needing a specific major version with timely security updates |
| Fedora Default | Fedora Repos | Varies by release | Automatic via DNF | Users who prefer distribution-tested packages and do not require a specific version |
This guide uses the PGDG repository because it provides PostgreSQL 14 with the latest security patches regardless of which version Fedora ships by default. If you only need whatever PostgreSQL version Fedora provides, you can install it with sudo dnf install postgresql-server instead of following the steps below.
Update Fedora Before PostgreSQL 14 Installation
Before installing new software, update your Fedora system to ensure all packages are current. This step helps prevent potential conflicts during the PostgreSQL installation and ensures you have the latest security patches.
sudo dnf upgrade --refreshHere, the --refresh flag forces DNF to re-download repository metadata even if it appears current, ensuring you get the most up-to-date package information.
Import the PostgreSQL Repository
The PostgreSQL Global Development Group provides official RPM packages for Fedora through their dedicated repository. First, import the repository configuration package, which sets up the repository sources and GPG keys automatically.
sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/F-$(rpm -E %fedora)-x86_64/pgdg-fedora-repo-latest.noarch.rpmThe
$(rpm -E %fedora)expression automatically expands to your current Fedora release number (such as 42, 43, or 44), making this command work across different Fedora versions without modification.
After running this command, DNF will import the PostgreSQL GPG key. When prompted, confirm the key import by pressing y. The expected output shows the repository package being installed:
Installing: pgdg-fedora-repo noarch 42.0-43PGDG @commandline 15.7 KiB Transaction Summary: Installing: 1 package Complete!
Install PostgreSQL 14
With the repository configured, install the PostgreSQL 14 server package along with the documentation. The -y flag automatically confirms the installation prompt.
sudo dnf install -y postgresql14-server postgresql14-docsAs a result, DNF will download and install the packages along with their dependencies, including the PostgreSQL client tools and shared libraries:
Installing: postgresql14-docs x86_64 14.20-1PGDG.f43 pgdg14 40.6 MiB postgresql14-server x86_64 14.20-1PGDG.f43 pgdg14 23.3 MiB Installing dependencies: postgresql14 x86_64 14.20-1PGDG.f43 pgdg14 7.7 MiB postgresql14-libs x86_64 14.20-1PGDG.f43 pgdg14 918.6 KiB ... Complete!
Install Optional Development Packages
If you plan to compile PostgreSQL extensions or develop applications that link against PostgreSQL libraries, install the development package:
sudo dnf install -y postgresql14-develFor additional functionality such as procedural languages and contributed modules, you can install the following packages:
sudo dnf install -y postgresql14-contrib postgresql14-plperl postgresql14-plpython3 postgresql14-pltclIn particular, these packages provide:
postgresql14-contrib: Additional modules likepg_stat_statements,hstore, anduuid-ossppostgresql14-plperl: Write stored procedures in Perlpostgresql14-plpython3: Write stored procedures in Python 3postgresql14-pltcl: Write stored procedures in Tcl
Initialize the PostgreSQL Database
After installing the packages, you must initialize the database cluster before PostgreSQL can start. This step creates the necessary directory structure and system catalogs in the default data directory.
sudo /usr/pgsql-14/bin/postgresql-14-setup initdbOnce initialization succeeds, you will see the following output:
Initializing database ... OK
Specifically, this command creates the data directory at /var/lib/pgsql/14/data/ and populates it with the initial database files. Without this step, PostgreSQL cannot start.
Start and Enable the PostgreSQL Service
By default, PostgreSQL does not start automatically after installation. Use systemctl to start the service immediately and enable it to start on system boot:
sudo systemctl enable postgresql-14 --nowThe --now flag combines the enable and start operations into a single command. After running this, verify that PostgreSQL is running correctly:
systemctl status postgresql-14The output should show the service as active and running:
● postgresql-14.service - PostgreSQL 14 database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-14.service; enabled; preset: disabled)
Active: active (running) since Wed 2025-12-25 12:00:00 UTC; 5s ago
Main PID: 12345 (postmaster)
Tasks: 8 (limit: 4915)
Memory: 32.0M
CPU: 150ms
CGroup: /system.slice/postgresql-14.service
├─12345 /usr/pgsql-14/bin/postmaster -D /var/lib/pgsql/14/data/
└─...
Verify the Installation
Confirm that PostgreSQL 14 is installed and accessible by checking its version:
/usr/pgsql-14/bin/psql --versionExpected output:
psql (PostgreSQL) 14.20
Manage the PostgreSQL Service
PostgreSQL 14 runs as a systemd service named postgresql-14. Therefore, understanding these management commands helps with routine maintenance and troubleshooting.
Stop the service for maintenance or configuration changes:
sudo systemctl stop postgresql-14Start the service after stopping it or after a system boot if it was not enabled:
sudo systemctl start postgresql-14Restart the service to apply configuration changes that require a full restart (such as changes to listen_addresses):
sudo systemctl restart postgresql-14Reload the configuration to apply changes that do not require a restart (such as authentication rule changes in pg_hba.conf):
sudo systemctl reload postgresql-14In general, reloading is preferred over restarting when possible because it does not interrupt active database connections.
Access the PostgreSQL Database
During installation, PostgreSQL creates a system user account named postgres that owns the database files and has superuser privileges within PostgreSQL. You can access the database through this account in two ways.
Direct Access with Sudo
The simplest method is to run the psql client directly as the postgres user:
sudo -u postgres psqlAs a result, this command opens an interactive PostgreSQL session. The prompt changes to postgres=# indicating you are connected as the postgres superuser:
psql (14.20) Type "help" for help. postgres=#
Finally, to exit the PostgreSQL prompt, type \q and press Enter:
\qSwitch to the Postgres User
Alternatively, you can switch to the postgres user account first, which is useful if you need to run multiple PostgreSQL commands:
sudo -i -u postgresOnce switched, simply type psql to enter the PostgreSQL prompt:
psqlAfterward, to exit both the PostgreSQL prompt and the postgres user session, type \q to leave psql, then exit to return to your regular user account.
Create Users and Databases
For production use, you should create dedicated database users rather than using the postgres superuser for application connections. This section demonstrates creating a user and database with appropriate permissions.
Create a New Database User
First, create a new PostgreSQL user (also called a role) using the createuser command. Replace myappuser with your desired username:
sudo -u postgres createuser myappuserCreate a New Database
Next, create a database for the user. Replace myappdb with your desired database name:
sudo -u postgres createdb myappdbGrant Permissions
Connect to PostgreSQL and grant the user full privileges on the database:
sudo -u postgres psqlAt the PostgreSQL prompt, grant all privileges on the database to the new user:
GRANT ALL PRIVILEGES ON DATABASE myappdb TO myappuser;PostgreSQL confirms with:
GRANT
If you need the user to have a password for remote connections, set one with:
ALTER USER myappuser WITH ENCRYPTED PASSWORD 'your_secure_password';The response confirms success:
ALTER ROLE
Exit the PostgreSQL prompt:
\qConfigure Firewall for PostgreSQL
If you need to access PostgreSQL from remote machines, you must configure the firewall to allow incoming connections on the PostgreSQL port. Fedora uses firewalld by default for firewall management.
Opening PostgreSQL to remote connections exposes your database to the network. Before proceeding, ensure you have configured strong passwords and restrict access to trusted IP addresses only. Never expose PostgreSQL directly to the public internet without additional security measures.
Create a Dedicated Firewall Zone
For better organization, create a dedicated firewall zone for PostgreSQL rules:
sudo firewall-cmd --permanent --new-zone=postgresRestrict Access to Specific IP Addresses
Next, allow connections from a single trusted IP address:
sudo firewall-cmd --permanent --zone=postgres --add-source=192.168.1.100Alternatively, for corporate networks, you can allow an entire subnet:
sudo firewall-cmd --permanent --zone=postgres --add-source=192.168.1.0/24Open the PostgreSQL Port
Then, add the PostgreSQL default port (5432) to the zone:
sudo firewall-cmd --permanent --zone=postgres --add-port=5432/tcpApply and Verify Firewall Rules
Finally, reload the firewall to apply the changes:
sudo firewall-cmd --reloadNext, verify the rules are active:
sudo firewall-cmd --list-all --zone=postgresExpected output showing your configured sources and port:
postgres target: default icmp-block-inversion: no interfaces: sources: 192.168.1.0/24 services: ports: 5432/tcp protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Configure Remote Access
By default, PostgreSQL only accepts connections from localhost. To allow remote connections, you must modify two configuration files: postgresql.conf to set the listening addresses, and pg_hba.conf to define authentication rules.
Configure Listening Addresses
First, edit the main PostgreSQL configuration file:
sudo nano /var/lib/pgsql/14/data/postgresql.confFind the listen_addresses setting in the “Connection Settings” section. By default, it is commented out or set to localhost. Change it to one of the following:
Listen on all interfaces (accepts connections from any network interface):
listen_addresses = '*'Listen on a specific interface (more secure, only accepts connections on the specified IP):
listen_addresses = '192.168.1.50'Save the file with Ctrl+O, then press Enter, and exit with Ctrl+X.
Configure Client Authentication
Edit the host-based authentication file to define which hosts can connect and how they authenticate:
sudo nano /var/lib/pgsql/14/data/pg_hba.confAdd rules at the end of the file. The format is: TYPE DATABASE USER ADDRESS METHOD
Allow a specific user to access a specific database from a trusted IP with password authentication:
host myappdb myappuser 192.168.1.100/32 scram-sha-256
Allow all users to access all databases from a subnet with password authentication:
host all all 192.168.1.0/24 scram-sha-256
Always use
scram-sha-256for password authentication, which is the modern standard. The oldermd5method is still supported but offers weaker security. Never usetrustauthentication for remote connections, as it allows access without any password verification.
Save and exit the file.
Apply Changes and Verify
Changes to listen_addresses require a full restart, while pg_hba.conf changes only require a reload. Since you modified both, restart the service:
sudo systemctl restart postgresql-14Verify that PostgreSQL is listening on the expected addresses:
ss -tlnp | grep 5432Expected output when listening on all interfaces:
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:* users:(("postmaster",pid=12345,fd=6))
LISTEN 0 244 [::]:5432 [::]:* users:(("postmaster",pid=12345,fd=7))
Here, the 0.0.0.0:5432 indicates PostgreSQL is accepting connections on all IPv4 interfaces.
Configure SELinux for PostgreSQL
Fedora runs SELinux in enforcing mode by default, which provides an additional layer of security. If PostgreSQL encounters permission issues, particularly with custom data directories or network connections, SELinux may be the cause. For a detailed overview of SELinux management, see our guide on managing SELinux on Fedora.
Check SELinux Status
First, verify that SELinux is enabled and in enforcing mode:
sestatusThe expected output should look similar to this:
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33
Restore SELinux Context
If you manually modified files in the PostgreSQL data directory or restored from a backup, the SELinux file contexts may be incorrect. Restore the correct contexts with:
sudo restorecon -Rv /var/lib/pgsql/14/data/Enable Network Connections
If web applications (such as those running under Apache or Nginx) need to connect to PostgreSQL, enable the appropriate SELinux boolean:
sudo setsebool -P httpd_can_network_connect_db 1Here, the -P flag makes this change persistent across reboots. This boolean allows the HTTP daemon to establish network connections to database servers.
Troubleshoot SELinux Denials
If PostgreSQL encounters permission issues, check for SELinux audit denials:
sudo ausearch -m avc -ts recent | grep postgresHowever, if ausearch is not available, install the audit package first:
sudo dnf install -y auditAdditionally, for temporary troubleshooting, you can set SELinux to permissive mode, which logs violations without blocking them:
sudo setenforce 0After testing, return to enforcing mode:
sudo setenforce 1Troubleshoot Common Issues
Service Fails to Start
If the PostgreSQL service fails to start, check the system journal for detailed error messages:
sudo journalctl -xeu postgresql-14For example, a common error is attempting to start PostgreSQL before initializing the database:
postgresql-14.service: Main process exited, code=exited, status=1/FAILURE ... FATAL: data directory "/var/lib/pgsql/14/data" has wrong ownership
To fix this, run the initialization command and ensure the data directory has correct ownership:
sudo /usr/pgsql-14/bin/postgresql-14-setup initdb
sudo chown -R postgres:postgres /var/lib/pgsql/14/data/Connection Refused from Remote Host
If remote connections are refused, verify the following in order:
1. Check that PostgreSQL is listening on the correct interface:
ss -tlnp | grep 5432If the output shows only 127.0.0.1:5432, PostgreSQL is only listening on localhost. Edit postgresql.conf as described in the remote access section.
2. Verify firewall rules allow the connection:
sudo firewall-cmd --list-all --zone=postgres3. Check pg_hba.conf has a rule for the connecting host.
Authentication Failed
If you receive a “password authentication failed” error, verify:
- The user exists:
sudo -u postgres psql -c "SELECT usename FROM pg_user;" - The password is set correctly:
ALTER USER username WITH PASSWORD 'newpassword'; - The
pg_hba.confauthentication method matches how the password was set (usescram-sha-256for passwords set withENCRYPTED PASSWORD)
Remove PostgreSQL 14
If you need to remove PostgreSQL 14 from your system, follow these steps to cleanly uninstall the packages and optionally remove the data.
Stop and Disable the Service
First, stop the running service and prevent it from starting on boot:
sudo systemctl disable postgresql-14 --nowRemove PostgreSQL Packages
Next, remove all PostgreSQL 14 packages:
sudo dnf remove postgresql14*As a result, DNF will automatically remove unused dependencies that were installed only for PostgreSQL.
Remove the PostgreSQL Repository
Additionally, if you no longer need the PGDG repository, remove it:
sudo dnf remove pgdg-fedora-repoRemove Database Data
Warning: The following command permanently deletes all PostgreSQL 14 databases, including all data, tables, and configurations. This action cannot be undone. Back up any important data before proceeding.
Once you have backed up any needed data, completely remove all PostgreSQL data:
sudo rm -rf /var/lib/pgsql/14/Verify Removal
Finally, confirm that PostgreSQL 14 is no longer installed:
rpm -qa | grep postgresql14If the command returns no output, all PostgreSQL 14 packages have been removed.
Conclusion
You now have PostgreSQL 14 running on Fedora with the database initialized, authentication configured, and firewall rules in place for remote access. With the PGDG repository enabled, you receive security updates promptly and can install additional PostgreSQL versions side-by-side if needed. For production deployments, consider implementing regular backups, monitoring query performance with tools like pg_stat_statements, and reviewing the official PostgreSQL 14 documentation for advanced configuration options. If you plan to serve web applications, pair PostgreSQL with Nginx on Fedora for a complete backend stack.
For more Fedora-specific guides, see how to install and configure firewalld on Fedora or install Docker on Fedora for containerized database deployments.