Hi, I came onto some issues with database usage with calendarserver under debian. Debian postgres is configured out of box like [1], using peer. peer means if username matches access is allowed. The debian default user is caldavd, and database access using peer can be done using setting <string>:caldav:caldavd:::</string> in <key>DSN</key> for postgres. Now to access the database with this setting, the user also has to be caldavd. I used calendarserver_bootstrap_database to install the database. (@Debian-devel: debian specific patches in quilt format attached for 4.1.1 and trunk) To get it to work I used DAEMON_OPTS="-u caldavd -g caldavd", eg twistd user/group. When running as root, the database access will fail due to that root != caldavd for the peer authentication. There is a privelege "degradation" later in the code : 2012-11-14 10:56:48+0100 [-] [caldav-0] [-] /usr/lib/python2.7/dist-packages/twisted/python/util.py:714: exceptions.UserWarning: tried to drop privileges and setuid 115 but uid is already 115; should we be root? Continuing. But the code in my case runs anyway, as I am using port 8008, a non privileged port. My main question is if database access can be done after droping to the caldavd user ? or is there a reason to access the database as root ? If it is possible to drop to caldavd the DAEMON_OPTS can be dropped. (I guess it is always good to drop privileges when accessing services :) ) One can adapt in different ways, going to using passwords. Apple products may have other authentication, or other authentication might be needed for multi server. I just wanted to try to explain the debian issues I ran into, so we can decide what to prescribe on how to authenticate with the database. Eg if the password method is needed or if peer can be used. /Fred [1] /etc/postgresql/9.1/main/pg_hba.conf # Database administrative login by Unix domain socket local all postgres peer # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer