Replies: 5 comments
-
Same here. I'd like to use the same certificate/private key pair as for other services running on the host.
-
In my point of view TLS certificates should not be managed by Radicale, but by a webserver placed in front of Radicale like Nginx or Apache. My 2 cents.
-
That unnecessarily complicates a setup by adding another webserver. Additionally the function for TLS is there anyway, so adding a function to fork to an unprivileged user after loading the private key as root is justified.
-
@drkhsh in fact, if the code is already here, dropping root privilege is the way to go. But I still think a better way would be to not handle ssl/tls in radicale when webservers are already better at doing it, and (probably) more secure. And document how to use radicale like this.
-
I run it as a service, using https://github.com/Neilpang/acme.sh for cert with DNS mode and copy the cert to /etc/radicale then service radicale restart. Does the same on renew.
-
Feature proposal: Radicale should start as root, load SSL certificates (only readable as root) and fork to an unprivileged user ("radicale" by default, configurable via "user" option in the config file) for security reasons afterwards.
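The startup sequence proposed above (load the key as root, then switch to an unprivileged user), sketched in Python as an added example; it is not Radicale's code or code from this thread. The function names and the `_os`/`_getpwnam` parameters, which let the call order be exercised without root, are hypothetical; the default user `radicale` is the one named in the proposal.

```python
import os
import pwd
import socket
import ssl


def drop_privileges(username, _os=os, _getpwnam=pwd.getpwnam):
    """Permanently switch from root to `username`.

    Returns False when the process is not root (nothing to drop).
    `_os` and `_getpwnam` are hypothetical injection points for testing.
    """
    if _os.getuid() != 0:
        return False
    entry = _getpwnam(username)
    # Order matters: each of these calls needs root, so the uid goes last.
    _os.initgroups(entry.pw_name, entry.pw_gid)  # replace root's supplementary groups
    _os.setgid(entry.pw_gid)
    _os.setuid(entry.pw_uid)  # as root this sets real, effective and saved uid
    # Confirm the drop is permanent: regaining uid 0 must now be refused.
    try:
        _os.setuid(0)
    except PermissionError:
        return True
    raise RuntimeError("privilege drop failed: process can still become root")


def start_tls_listener(certfile, keyfile, host, port, username="radicale"):
    """Do everything that needs root, then drop privileges before serving."""
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context.load_cert_chain(certfile, keyfile)  # root-only key is read here
    sock = socket.create_server((host, port))   # ports below 1024 need root too
    drop_privileges(username)
    # The key stays in process memory, but the key file is no longer readable.
    return context.wrap_socket(sock, server_side=True)
```

Because the key file cannot be reopened after the drop, a renewed certificate is only picked up on restart, which fits the restart-on-renew workflow described in the thread.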