Running the Helix Server (p4d) as an unprivileged user
Helix Server
does not require privileged access. For security reasons, do not run
p4d
as root
or otherwise grant the owner
of the p4d
process root
-level
privileges.
Create an unprivileged UNIX user (for example, perforce
) to
manage p4d
and (optionally) a UNIX group for it (for
example, p4admin
). Use the umask(1)
command to ensure that the server root (P4ROOT
) and all
files and directories created beneath it are writable only by the UNIX
user perforce
, and (optionally) readable by members of the
UNIX group p4admin
.
Under this configuration, the
Perforce
service (p4d
), running as UNIX user
perforce
, can write to files in the server root, but no
users are able to read or overwrite its files. To grant access to the
files created by p4d
(that is, the depot files,
checkpoints, journals, and so on) to trusted users, you can add the
trusted users to the UNIX group p4admin
.