Moving away from running as root, clients can no longer find core (Arch)

I’ve been running my core on a headless Arch Linux machine for the last few years with no major issues, but running RoonServer as root has always bothered me and I’m trying to get away from doing so. Having read and the advice in this thread, I’ve done the following:

  1. created system user roon with associated group, no login shell
  2. added user to the groups that manage my audio hardware and storage volumes (mounted via /etc/fstab)
  3. chown/chgrp /var/roon and /opt/RoonServer
  4. set nofiles soft limit to 8192 in /etc/security/limits
  5. edited my existing systemd unit file to change user/group and set LimitNOFILE=8192
  6. confirmed that passes

When I start the service, systemctl status looks exactly the same as when RoonServer is running as root, as does journalctl -u roonserver.service, but clients are unable to find the core. If I stop the service, revert the changes to the unit file, and reenable it, everything works as before.

I’m sure that I’m overlooking something simple here and am hoping that someone can point me in the right direction. Thanks!

Did you check if you were able to run the Roon Server in a terminal session using this command (this is for Ubuntu, you may have to change a few things on Arch Linux):

sudo su -s /bin/sh -c '/opt/roon/RoonServer/' roon

Also, you may want to check if user roon is not blocked from accessing other devices on your network, or blocked from being accessed by other devices.

Thanks; being able to see more verbose output from that command got me a step closer at least. Turns out I’d forgotten to set the home folder for my user, fixed with usermod --home /var/roon roon.

At this point I can connect a client and can play tracks from a linked Tidal account, but not from an external hard drive (usb3, mounted via /etc/fstab). If I attempt to play a file from the drive while is running, the client shows a message saying “Playback was interrupted because a track failed to load.” User roon belongs to a group which has rws permissions for the mount (root has rwx).

Nothing out of the ordinary in journald when running as a service. If running via, I just get:

get_libusb_sym(libusb_init) => 0x1
get_libusb_sym(libusb_get_device_list) => 0x1
get_libusb_sym(libusb_get_device_descriptor) => 0x1
get_libusb_sym(libusb_get_active_config_descriptor) => 0x1
get_libusb_sym(libusb_get_device_address) => 0x1
get_libusb_sym(libusb_get_bus_number) => 0x1
get_libusb_sym(libusb_open) => 0x1
get_libusb_sym(libusb_free_config_descriptor) => 0x1
get_libusb_sym(libusb_free_device_list) => 0x1
get_libusb_sym(libusb_exit) => 0x1

…which I also see when successfully playing a file while running as root.

Pleased to report that I’m up and running now; a bit more digging showed that some unrelated admin scripts were mangling permissions on the mounted volumes. Thanks again for your help!

1 Like