There are many good reasons not to run user applications with root privileges - isn’t it time Roon revisited the practice of having to run as Root user?
I heard it’s been done because it’s the easiest way to explain how to install it. Nothing prevents you from not running it as root though. I have a separate user (roon) that I run Roon as. Took a bit of tweaking, but not that hard really.
I personally never contemplated running it as root. I’ve simply created a “roon” user owning /var/roon (its homedir) and /opt/RoonBridge (to be able to auto-update itself), e.g. something like:
adduser --system --group --home /var/roon roon
adduser roon audio
chown -R roon:roon /opt/RoonBridge
Created /etc/systemd/system/roonbridge.service with the following content:
[Unit]
Description=Roon Bridge
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
ExecStart=/opt/RoonBridge/Bridge/RoonBridge
WorkingDirectory=/var/roon
User=roon
Environment=ROON_DATAROOT=/var/roon
Environment=ROON_ID_DIR=/var/roon
Environment=ROOTDIR=/opt/RoonBridge
RestartForceExitStatus=122
Restart=always
LimitNOFILE=8192
ProtectSystem=full
ProtectHome=true
Then just enable and start it:
systemctl daemon-reload
systemctl enable roonbridge
systemctl start roonbridge
One thing I still don’t like is that (apart from a few messages when starting) it doesn’t log anything to journal like other services but instead creates its own logfiles. Other than that it seems reasonably well-behaved.
I did notice however that it fetches its updates via http (not https), and I saw no evidence of a signature check being done on the update. If this observation is correct then I’m certainly glad not to be running this as root.
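An added example, not part of any post in this thread and not Roon's own code: a small shell audit that reads a unit file's [Service] section and reports whether the service would run as root (systemd's default when User= is unset) or lacks the ProtectSystem/ProtectHome settings used in the unit above. The function names and the two sample unit files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a unit file for the settings above.

# Print the last value assigned to KEY in [Service] (in systemd the last assignment wins).
service_value() {  # usage: service_value KEY FILE
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service && (pos = index($0, "=")) {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$2"
}

# True when a directive is unset or explicitly disabled.
is_off() {
    case "$1" in ""|no|false|off|0) return 0 ;; *) return 1 ;; esac
}

# Print one finding per line; exit status 1 if anything was found.
audit_unit() {  # usage: audit_unit FILE
    rc=0
    case "$(service_value User "$1")" in
        ""|root|0) echo "runs-as-root"; rc=1 ;;
    esac
    for key in ProtectSystem ProtectHome; do
        if is_off "$(service_value "$key" "$1")"; then
            echo "missing-$key"; rc=1
        fi
    done
    return $rc
}

# Constructed sample units: one like the post's (trimmed), one with no User= line.
tmpdir=$(mktemp -d)
printf '%s\n' '[Unit]' 'Description=Roon Bridge' '[Install]' 'WantedBy=multi-user.target' \
    '[Service]' 'ExecStart=/opt/RoonBridge/Bridge/RoonBridge' 'User=roon' \
    'ProtectSystem=full' 'ProtectHome=true' > "$tmpdir/hardened.service"
printf '%s\n' '[Unit]' 'Description=Roon Bridge' '[Service]' \
    'ExecStart=/opt/RoonBridge/Bridge/RoonBridge' > "$tmpdir/default.service"

audit_unit "$tmpdir/hardened.service" && echo "hardened.service: ok"
audit_unit "$tmpdir/default.service" || echo "default.service: findings above"
```

On a real host, point `audit_unit` at /etc/systemd/system/roonbridge.service; drop-in overrides are not merged by this script.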