Roon Server on NAS with unlimited access to filesystem by default?!

Hi Guys!

Currently, Roon runs on my Synology DS218+ NAS with 10GB RAM and an external SSD to store the database.

While setting up automatic backups for the database in the settings of the Roon Server, I discovered that Roon Server can basically access EVERY single folder on my NAS.
Without any issues, I could place the backup folder into home folders of administrators or any other user. Even system folders can be selected.

From a security point of view, it is a little bit scary that a third-party application has full access to all data on the NAS.

In parallel to Roon I also run a Plex Media Server. For Plex, it is possible to restrict the access to data on the NAS since it uses a separate user named “Plex”.

Does anybody know how to restrict the access to the data on the NAS for Roon?

I really like running Roon on the NAS but the unlimited access to my whole data is really something that worries me… basically, Roon runs with full admin access to the disks…

I had the same revelation when I set up Roon the first time. I took it down and built a dedicated RoonCore server running ROCK, dedicated NAS, and on a dedicated network separate from my regular home network.

Probably overkill and not “smart” enough, but I wasn’t on board with Roon having access to all my other networked files or to my home network in general in case it ever got compromised.

This is something that is not limited to the NAS system.
Roon runs with full admin access on all platforms (afaik): Mac, Windows, Linux (including all NAS systems).
There is one special behaviour on NAS: It should show only the shared folders in the file browser (and hide system folders).
Is this different on your Synology Diskstation?

Ok, I checked again: it doesn’t show system folders. But it shows all of the shared folders.

I understand that using unrestricted access to all data is the most convenient way to add music from various folders on the system to the Roon database.
Nevertheless, in my opinion all settings that allow browsing through personal home folders of users should be restricted in a way that limits this to an admin of the database. Currently, everybody using the same LAN with the Roon App on any device can save backup files without any access restrictions.

But following your explanation, full access seems to be the intended behavior of Roon?!

By the way: thanks for creating the NAS packages. It’s the best music server I used on my NAS so far…

What is the status of this item? Any changes? Because of this issue I cannot run Roon as an app on QNAP, unacceptable security. Workaround is to run Roon core as a docker, where security is under control. Roon core only has read access to the Music folder.

Did a little additional research, seems that Synology is a little ahead of QNAP concerning this issue. For example Plex on Synology creates a user which you can assign file privileges to. This is not available to QNAP Plex users yet.
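
An added example (not part of any post in this thread, and not Roon's or Docker's own code): a Python check over `docker inspect` output for the Docker workaround mentioned above, flagging host paths mounted beyond the expected folders and a music folder that is writable. The container name, host paths and policy are assumptions, and the sample JSON is constructed.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields the audit reads. Container name and host paths are assumptions.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/roon-core",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false},
  "Mounts": [
    {"Type": "bind", "Source": "/share/Music", "Destination": "/music", "RW": false},
    {"Type": "bind", "Source": "/share/RoonData", "Destination": "/data", "RW": true},
    {"Type": "bind", "Source": "/share/homes", "Destination": "/backup", "RW": true}
  ]
}]
""")

# Hypothetical policy: allowed host path -> whether write access is acceptable.
ALLOWED_MOUNTS = {"/share/Music": False, "/share/RoonData": True}


def audit_container(info, allowed=ALLOWED_MOUNTS):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    if info.get("HostConfig", {}).get("Privileged"):
        findings.append("container runs privileged")
    # An empty Config.User means the image default, which is usually root.
    if info.get("Config", {}).get("User", "") in ("", "0", "root", "0:0"):
        findings.append("process runs as root inside the container")
    for m in info.get("Mounts", []):
        src = m.get("Source", "")
        # Match the mount source against an allowed path or a subfolder of it.
        root = next((p for p in allowed
                     if src == p or src.startswith(p.rstrip("/") + "/")), None)
        if root is None:
            findings.append(f"unexpected host path mounted: {src}")
        elif m.get("RW") and not allowed[root]:
            findings.append(f"{src} is writable but should be read-only")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        for finding in audit_container(entry):
            print(f"{entry['Name']}: {finding}")
```

On a real system, feed it the parsed output of `docker inspect` for the container instead of the constructed sample.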