The first step is to create a unique Unix user account, not associated with a human user. Running server daemons such as Apache or slashd as root is a serious security risk. The system user will own all files associated with Slash, and the Slash daemons will run as if this user had executed them. Most Unix systems provide a nobody account for this purpose. Another good option is to create a new user named slash. The more services running as nobody, the more damage an attacker can do if he gains access to the account.

The slash user needs to belong to a group as well. This is convenient and practical. Any other user with membership in the slash group can work with Slash files and directories that allow group access. The easiest way to create a new group is with the groupadd command, provided by some operating systems (it handles details such as choosing the next available group number automagically):

# groupadd slash

If this command is not available, manually edit the /etc/group file. Add a line defining the slash group. On the nanodot.org machine, this line is:

slash:x:501:dkrieger

This means that the user named dkrieger is in the slash group. The group number is 501, the lowest unused number ...