Roon Security Concern - Full access to another user’s files through App

Well… I used Roon’s instructions. Running Roon core on a NAS is so convenient and it works so well.

Paging @crieke. Is it possible to run Roon on a Synology NAS under a different user rather than root? Maybe you can modify your script and run the script as root and Roon itself as a dedicated user “roon”. “roon” is almost “root” :slight_smile: I bet Roon core doesn’t need root permissions. It doesn’t even ask for admin rights on Windows when installing.

Use this: https://hub.docker.com/r/steefdebruijn/docker-roonserver/

Make sure /music is read-only:

Roon Server can run under a different user. The easy install package for Linux installs as root, but the manual install option can be made to run under any user. See the Manual Installation section on the LinuxInstall page in the Knowledge Base:

http://kb.roonlabs.com/LinuxInstall

As for the Synology package: this is a convenience install, so I’d guess chances are slim this would be added. Anyway – you have options for what you want: Docker on a NAS, any config you desire on a Linux box.

1 Like
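A check that goes with the read-only `/music` advice and the run-as-root question above, added here as an example and not written by any poster or by the image's author: it reads `docker inspect` output and flags a writable library mount (including a writable mount nested below `/music`) or a container process running as root. The sample JSON, container names and host paths are constructed.

```python
import json
import posixpath

# Constructed sample in the shape of `docker inspect <container>` output,
# trimmed to the fields read below. Container names and host paths are made up.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/roon-writable", "Config": {"User": ""}, "Mounts": [
   {"Source": "/volume1/music", "Destination": "/music", "Mode": "", "RW": true},
   {"Source": "/volume1/docker/roon", "Destination": "/data", "Mode": "", "RW": true}]},
 {"Name": "/roon-readonly", "Config": {"User": "1000:1000"}, "Mounts": [
   {"Source": "/volume1/music", "Destination": "/music", "Mode": "ro", "RW": false},
   {"Source": "/volume1/docker/roon", "Destination": "/data", "Mode": "", "RW": true}]},
 {"Name": "/roon-nested", "Config": {"User": "1000:1000"}, "Mounts": [
   {"Source": "/volume1/music", "Destination": "/music", "Mode": "ro", "RW": false},
   {"Source": "/volume1/rips", "Destination": "/music/rips", "Mode": "", "RW": true}]}
]""")


def is_under(path, root):
    """True if path is root itself or lies below it (after normalising)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def audit_container(info, library="/music"):
    """Return findings for one container; an empty list means nothing flagged."""
    findings = []
    mounts = [m for m in info.get("Mounts") or []
              if is_under(m.get("Destination", ""), library)]
    if not mounts:
        findings.append(f"nothing mounted at {library}")
    for m in mounts:
        # RW is the effective flag; a missing value is treated as writable.
        if m.get("RW", True):
            findings.append(f"{m['Destination']} is writable (host: {m.get('Source')})")
    user = ((info.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("container process runs as root")
    return findings


def audit(inspect_output, library="/music"):
    """Map container name -> findings for a whole `docker inspect` array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c, library)
            for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

On a real host, the input would be the parsed output of `docker inspect` for the Roon container in place of `SAMPLE_INSPECT`.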

It’s not “super super dangerous” if the right precautions were taken by the Roon team to protect the cloud infrastructure it uses as well as having a proper build / publish-to-the-cloud process in place. This we don’t know. :roll_eyes:
The ROCK/Nucleus update would still not be perfect even if the cloud’s “perfectly” safe without that robust signature check I suppose. But on the other hand: to use this vector for attack would probably require some intervention on a rather low level with network infrastructure / ISP like access which may only be viable for really bad guys and/or state actors. Then the signature check for ROCK packages is not such a problem anymore …

Note: others who actually know things about this are invited to correct me!

Maybe we’ll get that security (concerns) white paper from Roon one day …

Obviously, we don’t know what we don’t know, but given stuff that’s happened to even companies with essentially infinite resources, an added layer really doesn’t seem like a luxury.

I think ROCK and even more the Nucleus are a luxury already but that’s a different topic. :wink:

If things were as bad as in the example you’ve linked to: of what use would a signed distribution of update packages have been? My guess: none.

To repeat what I’ve said earlier in this thread: I’m not trying to say something shouldn’t be done but want to find out how much at risk I might be with how things are right now. In the bucket case: if it’s not easily writeable then the risk seems not that alarming. Everything can be better everywhere and always - but does it have to be? Or to ask differently: is it really “super super dangerous”?

I of course agree with you that as long as it’s handled well, it’s fine. I’m not an infosec guy, but my understanding is that the answer to “how dangerous is it” is “how much do you trust the RoonLab guys not to screw up ?”. I don’t at all, not because I don’t think they’re highly competent, but because they’re human, and screwing up’s what even the most competent humans sometimes do.

Then there’s how risk-averse you are: I’d consider going out to a nightclub and having unprotected sex as dangerous because AIDS, even though, especially as a heterosexual male, it statistically isn’t that risky (0.08% per act or something). Despite those low odds, I’m the kind that thinks unprotected sex with strangers is irresponsible, stupid, and super-dangerous.

Likewise, given the well-documented security screwups even by people whose job it is to not screw up (think LastPass and HackingTeam), and the potential risks involved, not having a second layer of protection truly seems irresponsible to me.

It’s also impossible to answer your “how dangerous is it really” question without a full audit, and it’d likely be granular, with differences between OS’s, networking setups, and what kind of stuff each user has on their home computer. But keeping in mind the failures of others, are you willing to gamble a takeover of your identity, or bank account, on a company’s diligence at cloud security ? Since it’s realistically impossible to avoid it, I’d rather have the odds be as good as possible, and I’d rather be on the more alarmist than on the more laidback side by considering not having added layers to mitigate very human screwups is “super, super dangerous”, but to each their own.

Also, I wouldn’t be surprised if RoonLabs wasn’t the lowest-hanging fruit in your (or my) house, let alone in the Roon ecosystem. How much do you trust your endpoint vendor’s security ? :japanese_ogre:

The good thing is the weakest point in a consumer’s home network is known. It’s the consumer. :smirk:

While I’m still not convinced that I’ve to isolate my ROCK because of the assumed lack of package integrity checks for installation and update I give in accepting it leaves probably unnecessary room for improvement (after some reading at OWASP, admittedly).

It’s noteworthy that for mobile OSs software distribution seems to be better protected (when done via app stores). I wouldn’t mind if there’d be a “coreless” macOS Roon client in the Mac app store too. Because a macOS device is the weakest endpoint device in use here. :sunglasses: All the other endpoint devices aren’t allowed to connect to the internet. The beauty of RAAT is that it’s designed to not need constant updates. And if one doesn’t go for music streaming services no internet is needed for those endpoint devices.

1 Like

This gave me a truly horrifying vision of “which QubesOS VM sounds better” discussion threads.

1 Like

Another plus 1 for some sort of password protection.

I have a second Roon Licence that I use at work which any other people on the network with exceptionally good taste would be able to access - and me their Roon Library.

Surely a simple password addition cannot be that difficult a thing to introduce? By all means make it configurable so that the requirement for a password can be turned off.

.sjb

@RBM, thanks for pointing me to the options. How are updates working within the Docker? Is it possible to update Roon core from the endpoint? What happens when the Docker package is updated?

The reason I am asking is that some time ago I wanted to run a Unifi controller in a docker. I found out that updates were not possible. If I wanted to update the controller or the docker I had to save the settings/backup, reinstall everything and recover the settings. Is it not the case with Roon in a docker?

Super transparent here (I use the ronch docker on unraid). “There’s a software update”, click, click, done. Might have to restart the docker though, don’t remember, but don’t think so.

I know that this is an old thread, but it’s still a very important one.

I’m new to Roon, and have started the trial that will turn into a yearly subscription for the time being. I really like the software, but when I went to look at creating more profiles for read/play only access for other members of my household, I was disappointed to see that profiles are in a very primitive state. There is no way to create that type of profile at this time. In addition, it would be great to have different profiles have separate playlists and streaming music stations tied to their individual profiles. I’m not sure about handling Tidal/Qobuz accounts for those that have the ability to purchase albums as well as stream music from their accounts.

I’d be happy with basic read only and some parental controls to protect the metadata and source files to prevent any file and data losses.

5 Likes

Bump. With the launch of Roon Arc security seems more important than ever. I am still scratching my head as to why anyone on my home network can simply type the Roon Core IP address into their browser and be able to restart/shutdown my Roon Core via the wide open web interface. Even worse, any library item that Roon has read/write access to, anyone with Roon Remote on my network can DELETE files (this has prevented me from connecting my local music library directly to my Core, instead Roon connects with read only access to a network share).

Please enable password protection for the web interface and, at the very least, first time access password protection for Roon Remote. Ideally I would be able to designate which Roon profiles can delete files and which cannot.

I love Roon, but I am really surprised these basic security issues are still lingering… especially with the launch of Roon Arc which, if enabled, exposes my Roon Core to the World Wide Web and all the bad actors within.

3 Likes