apple / ccs-calendarserver

The Calendar and Contacts Server.
https://www.calendarserver.org
Apache License 2.0

Only root can drop privileges. You are: caldav #493

Closed f1-outsourcing closed 7 years ago

f1-outsourcing commented 7 years ago

Almost clean install with caldavd-stdconfig.plist

    2017-06-24T17:44:49+0200 [caldav-0] Reading configuration from file: /usr/local/calendarserver/conf/caldavd-dev.plist
    2017-06-24T17:44:49+0200 [caldav-0] Usage: twistd [options]
    2017-06-24T17:44:49+0200 [caldav-0] Options:
    2017-06-24T17:44:49+0200 [caldav-0] -f, --config= Path to configuration file. [default:
    2017-06-24T17:44:49+0200 [caldav-0] /etc/caldavd/caldavd.plist]
    2017-06-24T17:44:49+0200 [caldav-0] --version Display Twisted version and exit.
    2017-06-24T17:44:49+0200 [caldav-0] -o, --option= Set an option to override a value in the config file. True,
    2017-06-24T17:44:49+0200 [caldav-0] False, int, and float options are supported, as well as
    2017-06-24T17:44:49+0200 [caldav-0] comma separated lists. Only one option may be given for
    2017-06-24T17:44:49+0200 [caldav-0] each --option flag, however multiple --option flags may
    2017-06-24T17:44:49+0200 [caldav-0] be specified.
    2017-06-24T17:44:49+0200 [caldav-0] --help Display this help and exit.
    2017-06-24T17:44:49+0200 [caldav-0] /usr/local/calendarserver/.develop/virtualenv/bin/twistd: Only root can drop privileges. You are: caldav
    2017-06-24T17:44:59+0200 [caldav-1] Reading configuration from file: /usr/local/calendarserver/conf/caldavd-dev.plist
    2017-06-24T17:45:00+0200 [caldav-1] Usage: twistd [options]
    2017-06-24T17:45:00+0200 [caldav-1] Options:
    2017-06-24T17:45:00+0200 [caldav-1] -f, --config= Path to configuration file. [default:
    2017-06-24T17:45:00+0200 [caldav-1] /etc/caldavd/caldavd.plist]
    2017-06-24T17:45:00+0200 [caldav-1] -o, --option= Set an option to override a value in the config file. True,
    2017-06-24T17:45:00+0200 [caldav-1] False, int, and float options are supported, as well as
    2017-06-24T17:45:00+0200 [caldav-1] comma separated lists. Only one option may be given for
    2017-06-24T17:45:00+0200 [caldav-1] each --option flag, however multiple --option flags may
    2017-06-24T17:45:00+0200 [caldav-1] be specified.
    2017-06-24T17:45:00+0200 [caldav-1] --version Display Twisted version and exit.
    2017-06-24T17:45:00+0200 [caldav-1] --help Display this help and exit.
    2017-06-24T17:45:00+0200 [caldav-1] /usr/local/calendarserver/.develop/virtualenv/bin/twistd: Only root can drop privileges. You are: caldav
    2017-06-24T17:45:00+0200 [caldav-0] Reading configuration from file: /usr/local/calendarserver/conf/caldavd-dev.plist
    2017-06-24T17:45:00+0200 [caldav-0] Usage: twistd [options]
    2017-06-24T17:45:00+0200 [caldav-0] Options:
    2017-06-24T17:45:00+0200 [caldav-0] -f, --config= Path to configuration file. [default:
    2017-06-24T17:45:00+0200 [caldav-0] /etc/caldavd/caldavd.plist]
    2017-06-24T17:45:00+0200 [caldav-0] -o, --option= Set an option to override a value in the config file. True,
    2017-06-24T17:45:00+0200 [caldav-0] False, int, and float options are supported, as well as
    2017-06-24T17:45:00+0200 [caldav-0] comma separated lists. Only one option may be given for
    2017-06-24T17:45:00+0200 [caldav-0] each --option flag, however multiple --option flags may
    2017-06-24T17:45:00+0200 [caldav-0] be specified.
    2017-06-24T17:45:00+0200 [caldav-0] --version Display Twisted version and exit.
    2017-06-24T17:45:00+0200 [caldav-0] --help Display this help and exit.
    2017-06-24T17:45:00+0200 [caldav-0] /usr/local/calendarserver/.develop/virtualenv/bin/twistd: Only root can drop privileges. You are: caldav

dreness commented 7 years ago

Putting aside what looks like invocation / usage errors causing usage text to be spewed, you should find that if you simply don't specify a user or group, no attempt is made to drop privs.

from: https://github.com/apple/ccs-calendarserver/blob/master/conf/caldavd-stdconfig.plist#L769

    <!-- Username and Groupname to drop privileges to, if empty privileges will not
         be dropped. -->
    <key>UserName</key>
    <string></string>

    <key>GroupName</key>
    <string></string>
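
Added example, not part of the thread or the project's code: a pre-flight check that reads the `UserName` and `GroupName` keys from a plist and reports what a start under a given effective UID would do, including the case where empty values leave a root-started server running as root. The function names, verdict strings and sample config are constructed for illustration, and the rule that any non-empty value requires a root start is an assumption drawn from the log and comment above.

```python
import os
import plistlib

# Constructed sample config (not a project file); it carries only the two
# keys quoted from caldavd-stdconfig.plist in the comment above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>UserName</key>
    <string>{user}</string>
    <key>GroupName</key>
    <string>{group}</string>
</dict>
</plist>
"""


def sample_config(user="", group=""):
    """Build a constructed plist with the given UserName/GroupName."""
    return SAMPLE.format(user=user, group=group).encode("utf-8")


def check_privilege_drop(plist_bytes, euid):
    """Classify a start-up as 'fail', 'drop', 'runs-as-root' or 'unchanged'.

    Assumption (from the log and comment above, not from the project's code):
    any non-empty UserName or GroupName triggers a privilege drop, and the
    drop is refused unless the starting process is root (euid 0).
    """
    config = plistlib.loads(plist_bytes)
    user = str(config.get("UserName", "")).strip()
    group = str(config.get("GroupName", "")).strip()
    wants_drop = bool(user or group)
    if wants_drop and euid != 0:
        return "fail"          # "Only root can drop privileges"
    if wants_drop:
        return "drop"          # root start, switches to user/group
    if euid == 0:
        return "runs-as-root"  # nothing configured: server keeps root
    return "unchanged"         # non-root start, nothing to drop


if __name__ == "__main__":
    # Evaluate the constructed samples for the account running this script.
    for user, group in [("", ""), ("caldav", "caldav")]:
        verdict = check_privilege_drop(sample_config(user, group), os.geteuid())
        print(f"UserName={user!r} GroupName={group!r} -> {verdict}")
```

To check a real deployment, pass the bytes of the plist the server actually loads (the log above shows it reading `caldavd-dev.plist`, not `caldavd-stdconfig.plist`).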