Potential user question: Is LibreELEC really stuck running as a root-only system?

  • I'm trying to bring up a Libre Renegade RK3328-CC SBC as a basic media server and NAS box. LibreELEC would seem an obvious starting point... except that Libre's image is built on the "run everything as root:root" model.

    I'm sorry, but I'm a firm believer that most activities should be scoped to a specific user, to ensure that careless errors like rm -rf (or coding errors with similar unintended consequences) can only cause limited damage. Even if the user is configured for passwordless sudo, having the requirement that sudo be explicitly invoked is a major safety improvement. This isn't DOS, or Win3.1, or even OS/2; we have good access controls built into Linux and we really should be using them. NAS, Kodi, and other services should be _unable_ to accidentally step on each other or on the operating system.

    1. Is there a compelling reason for making this a single-user system, or was it just "most folks who have only run Windows barely understand the difference between normal and admin roles, never mind multiple users; let's keep it simple for them"?
    2. How much mess would be caused by reconfiguring LibreELEC to add users, and preferably to run Kodi as a non-root user?
    3. Has anyone already done so, and if so have they shared their experience/checklist -- or, better, a non-root image we could start with?
    4. UNRELATED: Does anyone have advice for wrestling with displays that aren't already recognized? My goal is to use this to feed a Samsung 4K TV, and some of the other images I tried gave up and fell back to what looks like 640x480 resolution. I'm willing to tolerate HDTV resolution and trust the TV to upscale if I must, but it'd be nice to be able to take full advantage of this screen.

    Thanks in advance!

  • There is nothing to stop someone changing how the OS is packaged to add more users and run apps/services under different creds, but the OS was originally and intentionally designed to keep things super-simple and running under a single user is part of that. The UX design goal is to achieve 99% of tasks in the GUI and thus negate any need to go near the console (which is default disabled) and the fact the entire core of the OS is read-only largely prevents users from causing problems with errant commands. Users can rm -rf their Kodi config but in most cases a simple reboot will regenerate anything essential so the main risk is losing personal media; and users accessing their own media under their own share don't need sudo for that task anyway.

    From a security perspective running everything as root is bad (no disputing that) but I've spent the last decade in/around DFIR work for my day-job and I have observed real attackers and red-team staff compromising LE devices and while I have seen devices being accessed (via known passwords) the attacker has ultimately lost interest in the device because either our distro packaging defeats scripts and other attack tooling and/or because attacker Linux knowledge/assumptions are based on the RHEL/Ubuntu derived world and/or because they couldn't ascertain what the device was for and were cautious as a result. Attackers were never able to compromise devices with basic controls deployed; i.e. SSH/SMB disabled and the firewall enabled. I'd also argue that if you are a genuine target of interest to a real actor, the "runs everything as root" LE box in your home network is the least of your worries.

    There are known issues with some of the RK devices and resolutions at the moment (there are some threads in the RK section of the forum). I'm not actively following but I believe they are being looked into.

  • Sigh. Understood. Your concerns are different from mine. I have industrial-strength firewalls in place at the network level; I'm not significantly worried about people trying to break into the box.

    But I'm looking to bring up a general-purpose machine where Kodi is its public face but where internally it's a full NAS and home automation center. And sometimes I'm going to want other apps on the large screen (teleconferencing, for example), and I'd rather not have to tie up _another_ computer (and HDMI input) to run those.

    I certainly like LibreELEC's responsiveness; the only other distro I've found for this machine which boots and responds as snappily is the Armbian build, and for that you get into a certain amount of "who has responsibility for display issues" wrangling. (Armbian doesn't seem to have full edid/xrandr resolution negotiation, and is giving up and picking VGA (!) resolution for my 4K Samsung TV; I don't have a fix for that yet.)

    So starting from LibreELEC looked like a possibly promising route. But it sounds like I'm so far out of your target user space that it isn't worth pursuing. Not your fault.

    Alternative suggestions welcome, if you happen to have any, but it sounds like I should just get out of the way and let you work. You're designing a media-only appliance; I want a more general NAS/server with media capabilities. Different strokes. Best wishes for success in your targeted niche.

  • If you want to run things like teleconferencing apps on-screen side-by-side with Kodi you need a desktop or app environment where such apps exist, e.g. Ubuntu/Fedora or (don't laugh) Android or Windows. LE is not what you're looking for; unless it's being run in a virtual environment (with GPU mapped to the VM) to handle media-client activities under one of the dedicated NAS distros that allow such things.