By default, configure will check (in this order) for the existance of a user yule, daemon, or nobody, and use the first match.

You can override this with the option configure --enable-identity= user . The user does not need to exist already; the install script knows how to create a new user (on Linux, FreeBSD, NetBSD, Solaris, HP-UX, OSF1).

After successful installation, you will be asked to run make install-user in order to: (i) create the user that you specified to configure if it does not exist already ( make install-user will check for this), and (ii) chown/chmod some directories.

After running make install and make install-user , you should have a sane setup.

The system logfile directory usually requires root privileges to write there (otherwise log files may easily get corrupted ...). To enable yule to write the log file and the HTML status file, a (sub-)directory should be used that is owned by yule. The configure script and the Makefile will do that automatically with the default layout (i.e. a directory /var/log/yule will be created).

The data file directory is now owned by root and world readable by default. If you chown it to a suitable group for the unprivileged yule user, you can make it group readable only. Note that it is not required, and weakens the security, if the data file directory is writeable for the server.

The unprivileged yule user must have a .gnupg subdirectory in its home directory, holding the public keyring with the key to verify the signature.

The PID file is written with before dropping root privileges. Therefore yule will not be able to overwrite it later (which is a GoodThing), or remove it upon exit (it will usually be able to recognize and handle a stale PID file on startup). Still, it may be a good idea to remove it after stopping yule. The provided start/stop scripts for various architectures will handle this.