The easy installer for Linux, which also appears to be used for automatic updates, unpacks files to TMP and then attempt to execute a script. This results in a permission denied error in Ubuntu, as execute access is blocked by default. I’ve manually changed the script to not write to TMP, but that means I have to constantly run it to download updates manually.
Is there any plan to stop using the TMP directory for installs and upgrades?
Make sure you don’t use apt versions of required software (wget, bz2 and ev. CURL) and all should be well. See also:
That’s a different issue. The problem I’m describing is that the Roon script attempts to execute files from within TMP, which is blocked by the OS. You can configure Ubuntu to allow execute permissions in TMP, but that is not something that should be done for security purposes.
So you refer to the execution of check.sh? What Ubuntu flavor and version are you using? Your the first I’ve seen here complaining about this. What are the changes you make to the script to make it work for you? If you have other information/references to your case, it may help to provide that too.
Yes, that’s where it fails. The change I made was to change the path the script uses as its working directory, to one where execution is allowed. I’m running Ubuntu 22.04.3 LTS.
Is /tmp on your system a separate disk partition mounted with the noexec option?
I am running 22.04.3 and I can execute scripts from /tmp just fine. Note that /tmp has the sticky bit set, which means that only file owners can write to or delete files in the directory. But if not mounted as separate partition, script execution in /tmp by default should work.
There were other users participating in the thread I linked above that claimed to run Roon Server on Ubuntu 22.04 and 22.10 (earlier versions for sure back then) and no one complained abut this. I fear the Roon team will not act on a single occurrence. Maybe one of those others can shed some light on this?
Yes, it’s mounted with no exec, which is the standard for an Ubuntu Server installation. It is not recommended to remove that option.
Well,
Well, not really. I did a ‘standard’ minimal Ubuntu server installation, and did not mess with the proposed partitioning structure. I have no separate partition for /tmp, so my server permits script execution in /tmp.
I can see why mounting this directory as a separate partition with noexec might be considered more secure, but this tradeoff is your call to decide.
I have 3 Ubuntu Server 22.04 Roon servers. I’ve never tweaked the /tmp flags. But the installer script has worked perfectly for me multiple times on all of 3 systems.
It’s a fairly standard configuration for an Ubuntu Server. It’s bad practice for an application to attempt executing content from TMP. Just because there’s a workaround by mounting with EXEC, it doesn’t mean that Roon is doing the right thing in the way they install their software.
I don’t disagree with you in principle. And the fact that it has always been like that doesn’t mean that it shouldn’t be corrected to take into account good practice.
It just isn’t really a support issue, as you are well aware why the default script fails with the /tmp directory mounted with noexec. Maybe post in Feedback or even Feature Suggstion…
This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.