There are many good reasons not to run user applications wth root privileges - isn’t it time Roon revisit the practice of having to run as Root user?
I heard it’s been done because it’s the easiest way to explain how to install it. Nothing prevents you from not running it as root though. I have a separate user (roon) that I run Roon as. Took a bit of tweaking, but not that hard really.
I personally never contemplated running it as root. I’ve simply created a “roon” user owning /var/roon (its homedir) and /opt/RoonBridge (to be able to auto-update itself), e.g. something like:
adduser --system --group --home /var/roon roon adduser roon audio chown -R roon:roon /opt/RoonBridge
Created /etc/systemd/system/roonbridge.service with the following content:
[Unit] Description=Roon Bridge After=network.target [Install] WantedBy=multi-user.target [Service] ExecStart=/opt/RoonBridge/Bridge/RoonBridge WorkingDirectory=/var/roon User=roon Environment=ROON_DATAROOT=/var/roon Environment=ROON_ID_DIR=/var/roon Environment=ROOTDIR=/opt/RoonBridge RestartForceExitStatus=122 Restart=always LimitNOFILE=8192 ProtectSystem=full ProtectHome=true
Then just enable and start it:
systemctl daemon-reload systemctl enable roonbridge systemctl start roonbridge
One thing I still don’t like is that (apart from a few messages when starting) it doesn’t log anything to journal like other services but instead creates its own logfiles. Other than that it seems reasonably well-behaved.
I did notice however that it fetches its updates via http (not https), and I saw no evidence of a signature check being done on the update. If this observation is correct then I’m certainly glad not to be running this as root.