When installing the Roon Server on a linux system, it is recommended to run the application as root in order to give access to all the necessary system ressources that roon needs to function properly. Perhaps this is an acceptable work-around on a Rasberry Pi, or other small computers dedicated exclusively to roon. But in general, this is a somewhat unorthodox practice and may create significant security risks, especially if the roon core is running along other services (openvpn, file server, ssh, etc.) on a linux server or desktop.
I am a new roon user, I love the application, and I just installed the Roon Server on a linux computer running as a user other than root. Here is my complete installation procedure in case this could be useful to other people.
The installation was performed on Ubuntu 18.04 LTS Bionic Beaver.
First, check the general manual installation instructions on the roon website:
http://kb.roonlabs.com/LinuxInstall.
Note that many commands must be run as root using the sudo
command (preferred approach) or another method.
System preparation before installation
- Create a new system user and group named
roon
with no login access and home directory/var/opt/roon
sudo adduser --system --gecos "Roon Services" --disabled-password --group --home /var/opt/roon roon
Note: According to the Linux Filesystem Hierarchy Standard, a third-party package like roon should be installed in /opt/roon
, with variable data in /var/opt/roon
(rather than /var/roon
).
- Create package directory and give user and group ownership to roon (to allow self-updates, among other things)
sudo mkdir -m 755 /opt/roon
sudo chown roon:roon /opt/roon
- Use this command to add the roon user to other groups (such as audio). In my case, I needed to add
roon
to a group named ‘media
’ in order to access my music files:
sudo usermod -a -G media roon
Roon Server installation
- Download and unpack the roon server package in
/opt/roon
sudo -u roon sh -c 'wget -O - "http://download.roonlabs.com/builds/RoonServer_linuxx64.tar.bz2" | tar -xjC /opt/roon -f -'
- The server package contains a script to check that all the needed dependencies are met. Run the script with the appropriate user:
sudo -u roon /opt/roon/RoonServer/check.sh
If there is a problem with a dependecy, it needs to be fixed before moving on. For instance, ffmpeg can be installed using the command sudo apt install ffmpeg
if the script reports a problem.
- At this point, we should have a working Roon Server installation. We can test this by running the
start.sh
script in the Roon Server directory.
sudo su -s /bin/sh -c '/opt/roon/RoonServer/start.sh' roon
Note: We must use the su -s
command to invoke a new shell as user roon
with the proper environment variables, and we use sudo
to have enough privileges to execute that command.
If everything was configured properly, the process should start and print Initializing
, Started
, Running
… etc. Client applications on other systems should be able to connect to the Roon Core.
The server can be stopped using Ctr-C
, the kill
command, terminating the shell session, etc.
Starting Roon Server as a service
In order to start Roon Server automatically at boot and run it in the background, we must start Roon Server as a service with systemd.
- Create a systemd service unit configuration file named
roonserver.service
in/etc/systemd/system
sudo nano /etc/systemd/system/roonserver.service
The file must contain the following configurations, comment lines starting with the dial sign can be removed if desired.
[Unit]
Description=RoonServer
After=network-online.target
[Service]
Type=simple
User=roon
Group=roon
# By default, Roon Server creates hidden directories called .RoonServer and
# .RAATServer inside of $HOME. Roon Bridge also uses the .RAATServer directory.
# We can tell Roon Server and Roon Bridge to use a different location for that
# data using these environment variables.
#Environment=ROON_DATAROOT=$HOME
#Environment=ROON_ID_DIR=$HOME
# Even if Roon Server check.sh script reported that the ulimit of open files was
# high enough, systemd ignores the ulimit set for shell sessions. We must tell
# systemd that the roonserver service can raise the limit to 8192.
LimitNOFILE=8192
ExecStart=/opt/roon/RoonServer/start.sh
Restart=on-abort
[Install]
WantedBy=multi-user.target
- Enable Roon Server service, this is necessary to enable automatic service restart at boot
sudo systemctl enable roonserver.service
- Start service
sudo systemctl start roonserver.service
- Check service status to make sure everything is working properly.
sudo systemctl status roonserver.service
Fix for mounting network shares
Roon will try to mount network shares in /mnt
, but this is the recommended directory for systems administrators, and only the root user have the permission to write to that directory on Ubuntu 18.04. This was not a problem when Roon Server was running with root privileges, but now our Roon Server (running as user roon
) won’t be allowed to create directories to mount networked folders.
There are two main approches for fixing this issue:
a) Mount the network share manually using the mount.cifs
command or automatically at boot with /etc/fstab
b) Create a new system group that can write to the /mnt
folder and add root
and roon
user to that group
I have not tested any of these approaches, but here are a few notes. The first approach is the most logical and the most secure, a network share can be mounted in /mnt
and we can add that share in roon like a normal local storage folder. However, this will force us to manage network shares ourselves. In the second case, we should be able to mount network shares directly within the roon applications, but this creates the risk that there will be interferences between the shares mounted by the system administrators and Roon Server (in addition to creating security risks).