So I am following the Radicale docs.

And the first method is this:

as normal user Recommended only for testing

Okay, I’m not testing, so I move onto the next one:

as system user (or as root) Alternatively, you can install and run as system user or as root (not recommended):

Okay, so this method is not recommended…

And there aren’t anymore.

So what’s the recommended method for non-testing environments???

  • non_burglar@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 day ago

    Recommended method is run the service as non-root and non-reserved (over 1000). The radicale documents aren’t the best, but CalDAV and CarDAV aren’t the simplest standards to implement, nor do any of the big (ms, gmail) follow the correctly anyway.

    For example, you have to manipulate an address book exported from Google before it can be imported into Radicale.

    I don’t blame the dev, though. They are pretty much a one-man show and although radicale is a connector service you don’t interact with much, it’s crazy complicated.

      • non_burglar@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 day ago

        No, not really.

        I also had some issue figuring out how radicale works, bit now that I do have it setup, it “just works” and it does the job well.

  • truthfultemporarily@feddit.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 day ago

    Everything should run under their own user when possible. This software is not using a privileged port (< 1000) so it doesn’t need root.

    The docs seem a bit lazy if that is not recommended, possibly it will try to access some files it does not have access to.

      • rtxn@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 day ago

        You make a new normal, non-root user specifically to run Radicale processes. The user should have write access only to Radicale’s directories, nothing else.

        Same deal with Apache and the www-data user.