How to run pm2 so other server users are able to a

Published 2019-03-12 09:49

Question:

When I start my Nodejs app with pm2, other server users are not able to access the process.

Even if I start pm2 from a custom directory (not the current user's ~/, which pm2 uses by default):

HOME=/var/www pm2 start app.js

The directory is accessible by any user (compared to ~/), but there's still no way another server user is able to access the process.

When another server user does pm2 list, it shows him 0 processes are running – but there are some (started by another user). And when the other user tries HOME=/var/www pm2 list, the CLI throws an error:

events.js:72
    throw er; // Unhandled 'error' event
          ^
Error: connect EACCES
    at errnoException (net.js:905:11)
    at Object.afterConnect [as oncomplete] (net.js:896:19)

So I am wondering how to make sure users are able to access pm2 processes run by other server users? Or should it be approached differently?


I am wondering why every server user is able to make git pull to deploy latest source code from a Git repository, but can't restart pm2 process afterwards? Only the user that started pm2 process is able to restart it… Weird.

Answer 1:

Here's how we bypassed this.

Just create a group

  • Create a new group pm2 or whatever name works for you

    $ groupadd pm2

  • Change the /var/www/ folder group owner to group pm2

    $ chgrp -R pm2 /var/www

  • Add the other user, let's say bob, to pm2

    $ usermod -aG pm2 bob

Now bob can run pm2 commands by changing $HOME to /var/www

$ env HOME=/var/www pm2 list

Or (better still) create an alias as @jcollum suggested

$ alias pm2='env HOME=/var/www pm2'



Answer 2:

It seems that PM2 saves data under the user's '~/.pm2' folder, so other users cannot see your PM2 process with 'pm2 status'.

I created a new Linux user for PM2, and all users use 'su pm2user' before starting a PM2 process:

$ sudo su pm2user
$ sudo pm2 start app.js

It's a stupid way, but it is simple and works well. Hope this would help :)



Answer 3:

Ok, here is my solution for the same problem:

  1. Create PM2 home directory: sudo mkdir /opt/pm2
  2. Create user pm2: sudo useradd -d /opt/pm2 -M -r -s /bin/false pm2
  3. Add all required users to the pm2 group: sudo usermod -aG pm2 <username>
  4. Set owner of /opt/pm2: sudo chown pm2:pm2 /opt/pm2
  5. Change permissions: sudo chmod 770 /opt/pm2
  6. Set environment variable (I'm using /etc/environment): PM2_HOME=/opt/pm2
  7. Install pm2: sudo npm install pm2 -g. My npm prefix is set to /usr/local.
  8. Run sudo pm2 startup. It will generate a startup script for your system (in my case it is Ubuntu Server).
  9. Open the startup script (again, in my case it is /etc/init.d/pm2-init.sh) and edit the following variables: USER=pm2 ... export PM2_HOME="/opt/pm2"

On my Raspberry Pi I got an issue with socket file permission inheritance: they're set read-only for group instead of the rwx that is applied to the home dir:

srwxr-xr-x 1 pm2 pm2 0 Sep 11 17:27 pub.sock
srwxr-xr-x 1 pm2 pm2 0 Sep 11 17:27 rpc.sock

After hours of googling I finally found the solution: I added the following line to the startup script: umask 0002 and got this:

srwxrwxr-x 1 pm2 pm2 0 Sep 11 17:27 pub.sock
srwxrwxr-x 1 pm2 pm2 0 Sep 11 17:27 rpc.sock

That's all.

Update:

Let's assume that you have made the pm2 user and its home directory, and added yourself to the pm2 group.

Now, starting from the point 6, things may be done in the following way:

  1. sudo npm install pm2 -g. Remember about npm prefix!
  2. Make the pm2.sh file under /etc/profile.d/ directory and put there the following line: export PM2_HOME=/opt/pm2/.pm2. Now the PM2_HOME environment variable will be presented to every user after login.
  3. To make startup script, run the following command: sudo pm2 startup ubuntu -u pm2 --hp /opt/pm2
  4. Check the status of service: sudo systemctl status pm2-pm2

You can rename pm2 service like:

sudo systemctl stop pm2-pm2
sudo mv /etc/systemd/system/pm2-pm2.service /etc/systemd/system/pm2.service
sudo systemctl start pm2
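
An added example, not part of answer 3 or of pm2 itself: a check that a shared PM2 home set up as in the steps above is usable by the group and not writable by everyone else, since write access to rpc.sock means control of the daemon. It assumes GNU stat on Linux; `audit_pm2_home` is a hypothetical helper name, while /opt/pm2, the pm2 group and the socket names are the ones used in the answer.

```shell
#!/bin/sh
# Added example: audit a shared PM2 home directory and its sockets.
# Assumption: GNU stat (Linux). Directory and group are arguments.

# audit_pm2_home DIR GROUP
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_pm2_home() {
    dir=$1; grp=$2; bad=0
    if [ ! -d "$dir" ]; then echo "missing directory: $dir"; return 1; fi
    for f in "$dir" "$dir/rpc.sock" "$dir/pub.sock"; do
        if [ ! -e "$f" ]; then
            echo "missing: $f (is the daemon running?)"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$f")          # e.g. 770, or 2770 with setgid
        owner_grp=$(stat -c '%G' "$f")
        g=$(( (0$mode >> 3) & 7 ))         # group permission bits
        o=$(( 0$mode & 7 ))                # "other" permission bits
        if [ "$owner_grp" != "$grp" ]; then
            echo "wrong group: $f is $owner_grp, expected $grp"; bad=1
        fi
        # Directory: group needs w+x. Socket: connect() needs write.
        if [ -d "$f" ]; then need=3; else need=2; fi
        if [ $(( g & need )) -ne "$need" ]; then
            echo "not group-writable: $f (mode $mode), members get EACCES"; bad=1
        fi
        # Write access for "other" gives every local user that access.
        if [ $(( o & 2 )) -ne 0 ]; then
            echo "world-writable: $f (mode $mode)"; bad=1
        fi
    done
    return "$bad"
}

# Usage: audit_pm2_home /opt/pm2 pm2
```

With the sockets at srwxr-xr-x (the state before umask 0002 was added) the function reports both as not group-writable; at srwxrwxr-x inside a 770 directory it reports nothing.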


Answer 4:

Assuming you run pm2 as www-data. To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list for example. You can, of course, create a script (e.g. supm2) that does that for you so you can just do supm2 list instead.



Answer 5:

I've faced a similar issue. The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2. In my case, it was working fine when I started pm2 from the command line instead of startup. When I used startup, it was running as root user by default. So root was the owner of the pid, sock files