As a system user. Root is not recommended.
this post was submitted on 02 Oct 2025
17 points (94.7% liked)
Selfhosted
52174 readers
511 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Recommended method is run the service as non-root and non-reserved (over 1000). The radicale documents aren't the best, but CalDAV and CarDAV aren't the simplest standards to implement, nor do any of the big (ms, gmail) follow the "correct spec" correctly anyway.
For example, you have to manipulate an address book exported from Google before it can be imported into Radicale.
I don't blame the dev, though. They are pretty much a one-man show and although radicale is a connector service you don't interact with much, it's crazy complicated.
Is there anything that's better that you recommend?
No, not really.
I also had some issue figuring out how radicale works, bit now that I do have it setup, it "just works" and it does the job well.
- A normal user (for testing)
- a root user (not recommended)
- a system user (yes, this one)
They have split the doc for installation (i.e. procure binaries) and running as a service. Providing you can do the first, it is the latter linked part that tells you how to set up Radicale.
Everything should run under their own user when possible. This software is not using a privileged port (< 1000) so it doesn't need root.
The docs seem a bit lazy if that is not recommended, possibly it will try to access some files it does not have access to.
So I make a new user for it, but NOT root?
You make a new normal, non-root user specifically to run Radicale processes. The user should have write access only to Radicale's directories, nothing else.
Same deal with Apache and the www-data user.
Baikal is much easier
as normal user but via systemd service (Linux with systemd system-wide)