Unable to use startup with another user than root #789

Closed
mbret opened this issue Oct 30, 2014 · 10 comments

mbret commented Oct 30, 2014

Hello, first thanks for your amazing tool.

After having read many threads I'm still having one problem.

I guess it's not so safe to start js processes with the root user (tell me if I'm wrong). So I would like to run them with, for example, www-data.

Well I did these tricks:

    pm2 startup ubuntu -u www-data

The startup script is well created with the correct user, but when my server restarts, pm2 doesn't. Inside the boot log I can see an error like "no directory, ... using HOME=/ ...". When I start up with root I don't have this error and pm2 starts fine. Anyway, when I'm using another user for the startup than root, it doesn't start at all.

Maybe I'm wrong, and it's normal to run pm2 with root. I'm very new in server configuration and I just want to make things right and run my node.js app with correct privileges.

Thanks in advance.

skozin commented Oct 31, 2014

I've got a similar problem. I am using CentOS 6.5 and need to run my apps with www user for security reasons. This www user is a system one (useradd -r on centos and probably ubuntu) with no $HOME directory and no shell, so there is no /home/www dir.

When I set up pm2 (latest version from github) to run with www, it is unable to start:

    su: warning: cannot change directory to /home/www: No such file or directory

My previous setup was the following: pm2 daemon runs with root, but all apps are configured to run with www:www using run_as_user and run_as_group options. But recently these options were dropped, so this setup is no longer possible.

Another option is to run pm2 daemon with another user that has $HOME directory (admin, for example), and use process.setuid('www') inside each app to change effective user to www. But this fails, because admin user has no privileges to call setuid. I can set up /etc/sudoers to allow this, but that will be of no use, 'cause process.setuid doesn't use sudo.

So, as far as I understand, the only remaining option is to run pm2 with root and call process.setuid inside each app. But I really don't want to run pm2 with root privileges.

Maybe I'm missing something?

Collaborator

soyuka commented Oct 31, 2014

Those are my recommendations to run pm2 with a user that's not root:

    su - myuser # log in as myuser
    # get nvm (a node version manager; should work with n (https://www.npmjs.org/package/n) too)
    curl https://raw.githubusercontent.com/creationix/nvm/v0.17.3/install.sh | bash
    source ~/.nvm/nvm.sh
    # install node 0.10
    nvm install 0.10
    # make it the default
    nvm alias default 0.10
    # install pm2
    npm i pm2 -g
    # start your app
    pm2 start app.js

The user will have its own pm2 instance. I usually put nginx on top of pm2 and set an upstream to the app port.

About pm2 startup, you will probably have to run it as root. But with the -u user mention, it should start the right applications.


skozin commented Oct 31, 2014

The problem is that pm2 cannot successfully start when configured with sudo env PATH=$PATH:/usr/local/bin pm2 startup -u www and when www is a system user that has no home directory /home/www.

Collaborator

soyuka commented Oct 31, 2014

Just change the user home directory.

    usermod -d /var/www www

Author

mbret commented Nov 1, 2014

soyuka the startup script doesn't work with any other users than root. Even if you set a home directory for this user.

Collaborator

soyuka commented Nov 1, 2014

I just set up a vagrant box with pm2 and a startup script.

    sudo env PATH=$PATH:path/to/the/bin/node pm2 startup ubuntu -u myuser

worked.

Collaborator

soyuka commented Nov 23, 2014

#837 related

Collaborator

soyuka commented Dec 9, 2014

Closing as #831 duplicate

@theromis

Sorry for the late question, but after reading this I can't understand whether it is possible to run my process as www-data in Ubuntu or not. If not, what should I do with www-data?

Because currently I'm running my nodejs as root and this is too bad :(


knoxcard commented May 1, 2018

Another possible solution is this, inside your NodeJS script you run...

    process.setgid('www-data')
    process.setuid('www-data')
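
The privilege drop suggested in the last comment, written out as an added example (not code from this thread or from pm2): it refuses to run unless the process is still root, clears supplementary groups, changes gid before uid, and then checks that root cannot be regained. The names `dropPrivileges` and `fakeProcess` and the sample ids 0 and 33 are assumptions of this example.

```javascript
// Drop root privileges permanently. `proc` defaults to the real process and
// is a parameter only so the logic can be exercised with a stand-in object.
function dropPrivileges(user, group, proc = process) {
  if (typeof proc.getuid !== 'function') {
    throw new Error('POSIX user ids are not available on this platform');
  }
  if (proc.getuid() !== 0) {
    // A non-root process cannot switch to another user: setuid() would
    // fail with EPERM, the failure described earlier in the thread.
    throw new Error(`uid ${proc.getuid()} cannot change user; start as root or as ${user}`);
  }
  // Order matters: supplementary groups and gid must change while the
  // process is still root; after setuid() these calls are not permitted.
  proc.setgroups([group]); // discard root's supplementary groups
  proc.setgid(group);
  proc.setuid(user);

  // Verify the drop is irreversible: regaining uid 0 must fail.
  let regained = false;
  try {
    proc.setuid(0);
    regained = true;
  } catch (err) {
    // expected: EPERM
  }
  if (regained || proc.getuid() === 0 || proc.getgid() === 0) {
    throw new Error('privilege drop failed: process can still act as root');
  }
  return { uid: proc.getuid(), gid: proc.getgid() };
}

// Constructed stand-in that mimics the kernel's permission rule for a few
// ids, so the example runs without root. Ids 0 and 33 are sample values.
function fakeProcess(uid) {
  const ids = { root: 0, 'www-data': 33, 0: 0, 33: 33 };
  const s = { uid, gid: uid, groups: [uid] };
  const need = () => {
    if (s.uid !== 0) throw Object.assign(new Error('EPERM'), { code: 'EPERM' });
  };
  return {
    getuid: () => s.uid, getgid: () => s.gid, getgroups: () => s.groups,
    setgroups: (g) => { need(); s.groups = g.map((x) => ids[x]); },
    setgid: (g) => { need(); s.gid = ids[g]; },
    setuid: (u) => { need(); s.uid = ids[u]; },
  };
}
```

In a real app, call `dropPrivileges('www-data', 'www-data')` after any privileged setup (such as binding a low port) and before handling requests.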
