Introduction
Creating a proper and safe Mac OS X daemon a relatively hard task, and this document is a work in progress. It works for me, it might not for you. Please refrain from doing so unless you know your way around Terminal and Console, and you have a good analytical mind that will tell you whenever you are doing mistakes. Take this text as a helping hand, not as a full "run this package and it works" text. Evil lurks around and your computer might never look the same! Be warned!
This page will help you make your Minecraft server securely run without having to log in as a user.
Before even attempting this, you should run a server instance by hand, to make sure everything works. If you are able to run your server and actually connect to it from a remote computer, you can start thinking about creating a daemon.
Word of interest about sudo
I use sudo every single command I need to do as root. Many people will tell you to do sudo su - and be done with it. That's a valid argument, but it's also much more dangerous to do so. Forgetting you're as root and doing something awkward gives you more chances to destroy your computer.
It's also the reason why I first move to the proper folder and then do the action for a precise file or folder; I've had too many people in my life telling me they mistakenly pressed return while doing a nasty command and applied it to their whole computer... me included! I learned the hard way, and on that note, I'd like to thank my first Internet server provider for not giving me root access or else their computer would've been rm -rf'ed at least once.
Final reason, every sudo command is logged in your Console, meaning you know what happens, and if you made something incorrect, you can review your log and know what you did to try to repair it. Doing a sudo su - will only show that. But then, it's your computer, it's your habits, do whatever you want with it!
Creating a _minecraft daemon user and group
This section is technically optional, but for security considerations, you should do it the hard way.
The easiest (and evil) way
- Don't do anything (Please make sure to modify the launchd plist file to remove the RunAsUser part)
And you are done! Congratulations! That will make your Minecraft application run as root, meaning if someone hacks your computer through Minecraft, it'll be able to do anything he wants, including viewing and modifying all your files, or simply deleting your computer into oblivion. Seriously, you do not want that! Please go to the Hard way and sweat your way. I'm a completionist, so I tell you the possibility to run it like that, but please don't ... please ...
The easy (and incorrect) way
- Click on Apple menu item
- Open System Preferences
- Click on System: Accounts
- Click on the lock in order to unlock the page
- Enter your administrator password
- Click on the Plus button
- Create a new Standard user, named Minecraft (Please make sure to modify the launchd plist file saying you are using a different user) with a password
- Click Ok
And you are done! Congratulations! However, this creates a full fledged user, whilst Mac OS X expects a daemon user. As a side bonus, you can run this as your own personal user, or any other possibilities for users. But then, if your Minecraft user gets hacked, the hacker will have a full account to have fun, accessing all your software, and be able to modify everything that's public. It's not the best.
The hard (and correct) way
The user will be created with an underscore first, denoting it's a daemon and should be hidden from user view. It will also be created with a daemon UID. We will use dscl to create a user and group. Obviously, it needs to be done with privileges. Open Terminal and type
MyMac:~ myuser$ sudo dscl Password: (your password) Entering interactive mode... (type "help" for commands)
Let's move to the base folder for what we need to do (less typing)
> cd /Local/Default/ /Local/Default >
If you are running a Mac OS X Server or if you have other directory authentication, you might have to move to an other folder instead of Local. Use the ls command to view the different folders. To know if you are in the good place, you should have a Users folder with different underscore-prefixed names (like _coreaudiod, _softwareupdate and _www).
Creating the group (GID)
/Local/Default > ls Groups gid
This will show up a list of all the created groups on your computer, along with their GIDs. We don't care what they are, we just want an empty GID, potentially in the daemon range (less than 500). Verify if 300 is unused.
/Local/Default > create Groups/_minecraft /Local/Default > create Groups/_minecraft PrimaryGroupID 300
At this point, your group should be created, and assigned the 300 (or any number you chose) GID. You can verify it with the ls Groups gid command and you can compare it to others with the read Groups/_minecraft command.
Creating the user (UID)
/Local/Default > ls Users uid
This will show up a list of all the created users on your computer, along with their UIDs. Again, we don't care what they are, we just want an empty UID, again in the daemon range (less than 500). Verify if 300 is unused. You can select a different UID and GID, they need not to be identical, but it's certainly tidier if they are.
/Local/Default > create Users/_minecraft UserShell /bin/bash /Local/Default > create Users/_minecraft UniqueID 300 /Local/Default > create Users/_minecraft PrimaryGroupID 300 /Local/Default > create Users/_minecraft NFSHomeDirectory /Users/_minecraft
This created your user. Obviously you need to modify the UniqueID (UID) for the one you chose in this step, and the PrimaryGroupID for the one you chose in the previous section. You can also choose a different home directory. I put my Minecraft folder with the other users, but you can put this anywhere you want, really.
Like for the GID, you can use ls Users uid and read Users/_minecraft to make sure everything is all right.
Now, we said to the user we have a group (PrimaryGroupID) but we need to tell the group it has users:
/Local/Default > append /Groups/_minecraft GroupMembership _minecraft
And we're done!
/Local/Default > exit Goodbye
Creating the user home
We now need to create the home folder. Assuming you previously described it as /Users/_minecraft, please type:
MyMac:~ myuser$ cd /Users MyMac:Users myuser$ sudo mkdir _minecraft MyMac:Users myuser$ sudo chown _minecraft:_minecraft _minecraft MyMac:Users myuser$ ls -la
Whoa, there are many _minecraft here! Here is a version where you can understand something (don't go run this, that said!)
cd /Users sudo mkdir UserFolder sudo chown UserName:GroupName UserFolder ls -la
Here ... better! If these commands go through, it means your user and group were properly created in the previous steps. At this point, the ls -la should give you something like
total 0 drwxr-xr-x 5 root admin 170 15 jui 2010 . drwxrwxr-x@ 34 root admin 1224 6 jan 23:33 .. -rw-r--r-- 1 root wheel 0 1 jul 2009 .localized drwxrwxrwt 5 root wheel 170 30 sep 20:18 Shared drwxr-xr-x+ 27 _minecraft _minecraft 0 26 feb 12:54 _minecraft drwxr-xr-x+ 27 sakamura staff 918 10 nov 21:48 sakamura
Moving the server files
Support files
You need a few files in order to make this work adequately. It could be done with less files, but it's more readable that way. Please copy them carefully.