Roon Synology security issue

Hello, I’ve installed Roon Core on my Synology NAS server. The issue I have is when I go to “Settings → Storage → Add folder” it’s able to see folders I don’t want it to be possible to add. It should only list folders that it has access to, in my case the music folder. How do I restrict permissions of the app to only see certain shares? Thank you.

Which version of DSM is your NAS running? The update to DSM 7 removed root permission for 3rd party Apps.

Being able to see the folders on a list is normal behaviour - Roon actually being able to access the folders is a different matter entirely.

If I go to storage settings in Roon and click add folder, all of the folders on the NAS are listed, however most of them have Preview permission set to No Access for RoonServer. So if I select one of those folders, Roon is unable to read it (DSM 7).

If you’re worried (and you shouldn’t be as Roon is only interested in the location of its database and the shared music folder) then you can restrict Roon’s folder permissions (under DSM 6.xxx) in Control Panel > Shared Folder (choose the folder you want to restrict) > Edit > Permissions (then go to the drop down and change it from Local users to System internal user), scroll down to RoonServer and then choose the permissions.

If you’re still running DSM 6.xxx, then I would upgrade to DSM 7, but you will need to grant RoonServer System internal user access to your Music folder location as described above. Under DSM 7, by default, RoonServer has no access to any file shares, so whilst the folders are listed in settings > storage > add folder, even if you add a folder, RoonServer will not be able to access it.

I know nothing about Synology but Roon Core does not need (and, IMHO, should not have) root privileges to run successfully. It does need read access to the Music Folder. Write access is only needed if you want to be able to add/delete files therein via the Roon interface. Personally, I prefer to manage the content of the Music Folder myself, and only grant Roon read access.

Roon used to have root access under DSM 6; DSM 7 removed root access for 3rd party Apps. Under DSM 7, Roon is only able to access its own folders (those created during installation for the database etc.) - you have to grant it separate permission to read the shared Music folder.

I decided to run Roon in a Docker container. This gave me the ability to limit the folder that Roon is able to see. I’ve posted my steps here if anyone is interested: