Reddit claims Roon has a back door to your server/info

I don’t use Roon, but Reddit group claims there is some back door on your account.

https://www.reddit.com/r/audiophile/comments/174zeng/fyi_roon_has_backdoor_access_to_every_installation/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=2&utm_term=1

it´s bit overhyped , basically Roonlabs has access to core to check logs and system/network info.
For privacy conscious people this is red flag, but it’s not so uncommon practice in the industry.
Roonlabs says they use that feature only upon user confirmation.
Btw Tesla has remote access to any of their cars too.

They would have a difficult time profiting from the data they collect from me.
I am totally dull.

And I am Jabba the Hut.

You just want Leia on a chain.
(It is a nice thought)

10 friggin 4

Assuming this is correct, this is perhaps the most concerning aspect (although, as others have pointed out, this is very common in the commercial software world):

“on a Linux box Roon runs as root so it has access to everything on that box and for Arc they want you to enable upnp on your router… You can work around this so that it runs as a different user, but it should be like this out of the box.”

Third party userland software running as root is very very poor installation protocol / programming design.

…Anecdote alert:

Once, on an Oracle database admin course myself and a fellow Unix admin were attending, and the teacher stated
“if you ever have a file permissions problem, simply make every file on the system readable and writable by everyone and the problem will go away”.

We very nearly walked out and demanded a refund on the course, but instead spent a good hour explaining to the teacher (and the students) why this was very bad.

Sad thing is I know very well next course exactly the same advice was given.

Running user software as “root” or “Administrator” in wintel terms, is very bad.

Nearest equivalent I can think of is Plex media server.
Plex runs under its own user (non-root).

FYI it’s quite easy to make RoonCore running under it’s own user, here are my notes (i’m using it over year now)

systemctl stop roonserver

# create user roon in group love
adduser --system --home /var/roon/ --no-create-home roon

# make roon user being owner of roonserver files
chown -R roon /var/roon/ /opt/RoonServer /tmp/roon*

# edit systemd service changing root to roon user
systemctl edit roonserver --full

   #User=root
   User=roon

# allow roon user to sudo for cifs mounts , allow keeping it's environment
echo 'Cmnd_Alias MOUNTCIFS=/sbin/mount.cifs' >> /etc/sudoers
echo 'roon ALL=NOPASSWD:SETENV: MOUNTCIFS' >> /etc/sudoers

systemctl start roonserver

Looks good to me

Had to do something very similar for “plexconnect” - a nice bit of middleware that allows using apple TV gen 2 with Plex, but by default (as per the instructions anyway) runs as root.

only if you want port forwarding to work automatically. You can manually assign a port and the IP address to forward to (this is what I do). I understand concerns about port forwarding - just kind low on MY list of concerns.

Roon ARC. LOL!
As if.