So I am following the Radicale docs.
And the first method is this:
as normal user Recommended only for testing
Okay, I’m not testing, so I move onto the next one:
as system user (or as root) Alternatively, you can install and run as system user or as root (not recommended):
Okay, so this method is not recommended…
And there aren’t anymore.
So what’s the recommended method for non-testing environments???
You must log in or # to comment.
They have split the doc for installation (i.e. procure binaries) and running as a service. Providing you can do the first, it is the latter linked part that tells you how to set up Radicale.
- A normal user (for testing)
- a root user (not recommended)
- a system user (yes, this one)
As a system user. Root is not recommended.
Recommended method is run the service as non-root and non-reserved (over 1000). The radicale documents aren’t the best, but CalDAV and CarDAV aren’t the simplest standards to implement, nor do any of the big (ms, gmail) follow the “correct spec” correctly anyway.
For example, you have to manipulate an address book exported from Google before it can be imported into Radicale.
I don’t blame the dev, though. They are pretty much a one-man show and although radicale is a connector service you don’t interact with much, it’s crazy complicated.
Is there anything that’s better that you recommend?
No, not really.
I also had some issue figuring out how radicale works, bit now that I do have it setup, it “just works” and it does the job well.
Baikal is much easier
Everything should run under their own user when possible. This software is not using a privileged port (< 1000) so it doesn’t need root.
The docs seem a bit lazy if that is not recommended, possibly it will try to access some files it does not have access to.
So I make a new user for it, but NOT root?
You make a new normal, non-root user specifically to run Radicale processes. The user should have write access only to Radicale’s directories, nothing else.
Same deal with Apache and the
www-datauser.
