So I am following the Radicale docs.
And the first method is this:
as normal user Recommended only for testing
Okay, I’m not testing, so I move onto the next one:
as system user (or as root) Alternatively, you can install and run as system user or as root (not recommended):
Okay, so this method is not recommended…
And there aren’t anymore.
So what’s the recommended method for non-testing environments???
You must log in or register to comment.
- A normal user (for testing)
- a root user (not recommended)
- a system user (yes, this one)
As a system user. Root is not recommended.
Baikal is much easier
Recommended method is run the service as non-root and non-reserved (over 1000). The radicale documents aren’t the best, but CalDAV and CarDAV aren’t the simplest standards to implement, nor do any of the big (ms, gmail) follow the correctly anyway.
For example, you have to manipulate an address book exported from Google before it can be imported into Radicale.
I don’t blame the dev, though. They are pretty much a one-man show and although radicale is a connector service you don’t interact with much, it’s crazy complicated.
Is there anything that’s better that you recommend?
No, not really.
I also had some issue figuring out how radicale works, bit now that I do have it setup, it “just works” and it does the job well.
Everything should run under their own user when possible. This software is not using a privileged port (< 1000) so it doesn’t need root.
The docs seem a bit lazy if that is not recommended, possibly it will try to access some files it does not have access to.
So I make a new user for it, but NOT root?
You make a new normal, non-root user specifically to run Radicale processes. The user should have write access only to Radicale’s directories, nothing else.
Same deal with Apache and the
www-datauser.
as normal user but via systemd service (Linux with systemd system-wide)
