Installing Subsonic with limited permissions


Posted on October 5, 2012 by

Subsonic is a great client/server music streaming application.  You can install the server software on a machine of your choice and stream your MP3s or movies from your server to your phone or to a web browser.

Visit the Subsonic web page for more details.

However, the default Subsonic installation on Windows required a few adjustments to make it more secure.  Specifically, the account it runs as should be changed from the default of Local System to an account with limited permissions.

  1. Create a service account.  By default, the Subsonic service runs as Local System.  Create a service account that can be used to run the Subsonic service.  This account only needs to be a member of the Users group.
  2. Modify the permissions on the storage and playlist folders.  Make sure that the Users group has read permissions to the storage folders that hold all of you MP3s.  The service account needs both read and write to the Playlist folder so that custom playlists can be saved.
  3. Configure the Subsonic service to run as the service account and restart it.  After the service is restarted, make sure to test everything out to be sure you can stream music to a phone and a browser and save playlists.


These steps will make the Subsonic server more secure.  In addition make sure you keep your version of Java up to date (as Java can be a security nightmare) and ensure that all external communication is over SSL.

Leave a Reply

Your email address will not be published. Required fields are marked *