Administration privileges on core library

Hello everyone,

so, I am considering doing some compromise on my network to fulfill the requirement of Roon. But I have really some serious concerns about who can access the system.

Say I remove my vlan and subnets I have now a flat network with roon, endpoints, remotes (computer and iPhones).

Now any guest I have home can connect on Ronn by just installing the app and can delete any album from my library ? On purpose or inadvertly.

Is there a way to have different categories of users (play vs configure) so no-one can mess with the configuration or library? I am thinking of my family and kids to start with…

Thanks,
Torpi

… only if you let any guest on your network. :sunglasses:

Until Roon implements some real user management a guest network may be your best bet.

I could not agree more @ndrscr! That is why I currently have different vlans and different SSIDs, including a guest wifi. All untrustworthy devices, such as Chromecast or other endpoints are isolated in another Vlan / Wifi. Private Vlan and Guest Vlan can cast to IoT Vlan, but IoT Vlan cannot connect to other Vlans (only respond). The reason is that I want to allow Guest to cast music from their phone sometime and keep a strong isolation with the private Vlan. It works well with any application on the market but not with Roon because I cannot get ports and protocols used (Slow search + Chromecast/Airplay cannot be enabled) … sight…

If you run Linux you could configure the Roon install so that it doesn’t run as root and has read-only access to your music.

Seeing as Roon doesn’t remove the directory when deleting an album you’re probably better off doing library pruning outside of Roon anyhow.

1 Like

@evand, I will do this as a workaround for the moment. I have mounted an nfs share as read-only in my container. If anyone is curious:

volumes:
  - /data/docker/roon/app:/app
  - /data/docker/roon/data:/data
  - /data/docker/roon/music:/music
  - /data/docker/roon/backups:/backup
  - "nfsmountMedia:/music-library:ro"

volumes:
nfsmountMedia:
driver: local
driver_opts:
type: nfs
o: addr=192.168.115.134
device: “:/san-01-1/music-library/”