Minecraft Wiki
Advertisement

Introduction

Creating a proper and safe Mac OS X daemon a relatively hard task, and this document is a work in progress. It works for me, it might not for you. Please refrain from doing so unless you know your way around Terminal and Console, and you have a good analytical mind that will tell you whenever you are doing mistakes. Take this text as a helping hand, not as a full "run this package and it works" text. Evil lurks around and your computer might never look the same! Be warned!

This page will help you make your Minecraft server securely run without having to log in as a user.

Before even attempting this, you should run a server instance by hand, to make sure everything works. If you are able to run your server and actually connect to it from a remote computer, you can start thinking about creating a daemon.

Creating a _minecraft daemon user and group

This section is technically optional, but for security considerations, you should do it the hard way.

The easiest (and evil) way

  1. Don't do anything (Please make sure to modify the launchd plist file to remove the RunAsUser part)

And you are done! Congratulations! That will make your Minecraft application run as root, meaning if someone hacks your computer through Minecraft, it'll be able to do anything he wants, including viewing and modifying all your files, or simply deleting your computer into oblivion. Seriously, you do not want that! Please go to the Hard way and sweat your way. I'm a completionist, so I tell you the possibility to run it like that, but please don't ... please ...

The easy (and incorrect) way

  1. Click on Apple menu item
  2. Open System Preferences
  3. Click on System: Accounts
  4. Click on the lock in order to unlock the page
  5. Enter your administrator password
  6. Click on the Plus button
  7. Create a new Standard user, named Minecraft (Please make sure to modify the launchd plist file saying you are using a different user) with a password
  8. Click Ok

And you are done! Congratulations! However, this creates a full fledged user, whilst Mac OS X expects a daemon user. As a side bonus, you can run this as your own personal user, or any other possibilities for users. But then, if your Minecraft user gets hacked, the hacker will have a full account to have fun, accessing all your software, and be able to modify everything that's public. It's not the best.

The hard (and correct) way

The user will be created with an underscore first, denoting it's a daemon and should be hidden from user view. It will also be created with a daemon UID. We will use dscl to create a user and group. Obviously, it needs to be done with privileges. Open Terminal and type

MyMac:~ myuser$ sudo dscl
Password: (your password)
Entering interactive mode... (type "help" for commands)

Let's move to the base folder for what we need to do (less typing)

 > cd /Local/Default/
/Local/Default >

If you are running a Mac OS X Server or if you have other directory authentication, you might have to move to an other folder instead of Local. Use the ls command to view the different folders. To know if you are in the good place, you should have a Users folder with different underscore-prefixed names (like _coreaudiod, _softwareupdate and _www).

Creating the group (GID)

/Local/Default > ls Groups gid

This will show up a list of all the created groups on your computer, along with their GIDs. We don't care what they are, we just want an empty GID, potentially in the daemon range (less than 500). Verify if 300 is unused.

/Local/Default > create Groups/_minecraft
/Local/Default > create Groups/_minecraft PrimaryGroupID 300

At this point, your group should be created, and assigned the 300 (or any number you chose) GID. You can verify it with the ls Groups gid command and you can compare it to others with the read Groups/_minecraft command.

Creating the user (UID)

/Local/Default > ls Users uid

This will show up a list of all the created users on your computer, along with their UIDs. Again, we don't care what they are, we just want an empty UID, again in the daemon range (less than 500). Verify if 300 is unused. You can select a different UID and GID, they need not to be identical, but it's certainly tidier if they are.

/Local/Default > create Users/_minecraft UserShell /bin/bash
/Local/Default > create Users/_minecraft UniqueID 300
/Local/Default > create Users/_minecraft PrimaryGroupID 300
/Local/Default > create Users/_minecraft NFSHomeDirectory /Users/_minecraft

This created your user. Obviously you need to modify the UniqueID (UID) for the one you chose in this step, and the PrimaryGroupID for the one you chose in the previous section. You can also choose a different home directory. I put my Minecraft folder with the other users, but you can put this anywhere you want, really.

Like for the GID, you can use ls Users uid and read Users/_minecraft to make sure everything is all right.

Now, we said to the user we have a group (PrimaryGroupID) but we need to tell the group it has users:

/Local/Default > append /Groups/_minecraft GroupMembership _minecraft

And we're done!

/Local/Default > exit
Goodbye

Creating the user home

Moving the server files

Support files

You need a few files in order to make this work adequately. It could be done with less files, but it's more readable that way. Please copy them carefully.

Shell scripts

minecraft.command

start.sh

stop.sh

Launchd plist

Tying it up

Permissions and final file move

Controlling the daemon

Backup considerations

Advertisement