When I start my Nodejs app with pm2, other server users are not able to access the process.
当我用pm2启动Nodejs应用程序时,其他服务器用户无法访问这个过程。
Even if I start pm2 from a custom directory (not current user's ~/
, what pm2 is using by default):
即使我从一个自定义目录开始pm2(不是当前用户的~/,在默认情况下,pm2使用的是什么):
HOME=/var/www pm2 start app.js
Directory is accessible by any user (comparing to ~/
, but there's still no way other server user is able to access the process.
任何用户都可以访问目录(与~/相比,但是其他服务器用户仍然无法访问进程。
When other server user does pm2 list
, it shows him 0 processes are running – but there are (started by another user). And when other user tries HOME=/var/www pm2 list
, CLI throws an error:
当其他服务器用户执行pm2列表时,它显示正在运行0个进程——但是有(由另一个用户启动)。当其他用户尝试HOME=/var/www pm2列表时,CLI抛出一个错误:
events.js:72
throw er; // Unhandled 'error' event
^
Error: connect EACCES
at errnoException (net.js:905:11)
at Object.afterConnect [as oncomplete] (net.js:896:19)
So I am wondering how to make sure users are able to access pm2 processes run by other server users? Or it shall be approached differently?
所以我想知道如何确保用户能够访问由其他服务器用户运行的pm2进程?还是应该有不同的处理方式?
I am wondering why every server user is able to make git pull
to deploy latest source code from a Git repository, but can't restart pm2
process afterwards? Only the user that started pm2
process is able to restart it… Weird.
我想知道为什么每个服务器用户都能够让git pull从git存储库中部署最新的源代码,但是之后却不能重新启动pm2进程?只有启动了pm2进程的用户才能够重新启动它…
5 个解决方案
#1
5
Here's how we bypassed this.
这是我们如何绕过的。
Just create a group
只是创建一个组
-
Create a new group
pm2
or whatever name works for you创建一个新的组pm2或任何适合您的名称
$ groupadd pm2
美元groupadd pm2
-
Change the
/var/www/
folder group owner to grouppm2
将/var/www/文件夹组所有者更改为组pm2
$ chgrp -R pm2 /var/www
$ chgrp -R pm2 /var/www
-
Add the other user, let's say bob, to pm2
将另一个用户,比如bob,添加到pm2
$ usermod -aG pm2 bob
$ usermod -aG pm2 bob
Now bob can run pm2 commands by changing $HOME to /var/www
现在bob可以通过将$HOME更改为/var/www来运行pm2命令
$ env HOME=/var/www pm2 list
$ env HOME=/var/www pm2列表
Or (better still) create an alias as @jcollum suggested
或者(更好的是)创建一个别名,如@jcollum建议的那样
$ alias pm2='env HOME=/var/www pm2'
$ alias pm2='env HOME=/var/www pm2'
#2
4
It seems that PM2 saves data under user's '~/.pm2' folder, so other users can not see your PM2 process with 'pm2 status'.
似乎PM2在用户的~/下保存数据。“pm2”文件夹,让其他用户无法看到“pm2状态”的pm2进程。
I created a new linux user for PM2, and all users use 'su pm2user' before starting Pm2 process:
我为PM2创建了一个新的linux用户,所有用户在开始PM2过程之前都使用“su pm2user”:
$ sudo su pm2user
$ sudo pm2 start app.js
It's a stupid way, but it is simple and works well. Hope this would help :)
这是一种愚蠢的方法,但它很简单,而且效果很好。希望这能有所帮助:
#3
3
Ok, here is my solution for same problem:
这是我对同样问题的解决方案:
- Create PM2 home directory:
sudo mkdir /opt/pm2
- 创建PM2主目录:sudo mkdir /opt/ PM2
- Create user pm2:
sudo useradd -d /opt/pm2 -M -r -s /bin/false pm2
- 创建用户pm2: sudo useradd -d /opt/pm2 -M -r -s /bin/false pm2
- Add all required users to the pm2 group:
sudo usermod -aG <username>
-
将所有必需的用户添加到pm2组:sudo usermod -aG
- Set owner of /opt/pm2:
sudo chown pm2:pm2 /opt/pm2
- 设置所有者/opt/pm2: sudo chown pm2:pm2 /opt/pm2
- Change permissions:
sudo chmod 770 /opt/pm2
- 更改权限:sudo chmod 770 /opt/pm2。
- Set environment variable (I'm using /etc/environment):
PM2_HOME=/opt/pm2
- 设置环境变量(我正在使用/etc/environment): PM2_HOME=/opt/pm2
- Install pm2:
sudo npm install pm2 -g
. Mine npm prefix is set to /usr/local. - 安装pm2: sudo npm安装pm2 -g。我的npm前缀被设置为/usr/ local。
- Run
sudo pm2 startup
. It will generate startup script for your system (in my case it is Ubuntu Server). - 运行sudo pm2启动。它将为您的系统生成启动脚本(在我的例子中是Ubuntu服务器)。
- Open startup script (again, in my case it is /etc/init.d/pm2-init.sh) and edit the following variables
USER=pm2 ... export PM2_HOME="/opt/pm2"
- 打开启动脚本(在我的例子中是/etc/init.d/pm2-init.sh)并编辑以下变量USER=pm2…出口PM2_HOME = " / opt / pm2 "
In my Raspberry PI I got issue with socket file permission inheritance, they're set read-only for group instead of rwx is applied to home dir: srwxr-xr-x 1 pm2 pm2 0 Sep 11 17:27 pub.sock srwxr-xr-x 1 pm2 pm2 0 Sep 11 17:27 rpc.sock
在我的树莓PI中,我遇到了socket文件权限继承问题,它们为group设置为只读,而不是rwx被应用到home dir: srwxr-xr- xr- x1 pm2 pm2 0 9月11日17:27 pub。袜子srwxr-xr- x1 pm2 0 9月11日17:27 rpc
After hours of googling I finally found the solution: I added the following line to the startup script: umask 0002
and got it: srwxrwxr-x 1 pm2 pm2 0 Sep 11 17:27 pub.sock srwxrwxr-x 1 pm2 pm2 0 Sep 11 17:27 rpc.sock
在搜索了几个小时之后,我终于找到了解决方案:我在启动脚本中添加了如下一行:umask 0002,并得到了它:srwxrwxr-x 1 pm2 pm2 0 9月11日17:27 pub。袜子srwxrwxr- x1pm2 pm2 0 9月11日17:27 rpg .sock
Thats all.
这一切。
#4
1
Assuming you run pm2 as www-data
. To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list
for example. You can, of course, create a script (e.g. supm2
) that does that for you so you can just do supm2 list
instead.
假设您将pm2作为www数据运行。要访问pm2实例,我需要:sudo -u www-data HOME=/var/www pm2列表。当然,您可以创建一个脚本(例如supm2),以便您可以只执行supm2列表。
#5
0
I've faced a similar issue. The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2. In my case, it was working fine when I started the pm2 from commandline instead of startup. When I used startup, it was running as root user by default. So root was the owner of the pid, sock files
我也遇到过类似的问题。原因可能是您没有所需的权限,或者您没有pm2创建的pid和sock文件。在我的例子中,当我从命令行启动pm2而不是启动时,它运行良好。当我使用startup时,它默认以root用户的身份运行。root是pid, sock文件的所有者
#1
5
Here's how we bypassed this.
这是我们如何绕过的。
Just create a group
只是创建一个组
-
Create a new group
pm2
or whatever name works for you创建一个新的组pm2或任何适合您的名称
$ groupadd pm2
美元groupadd pm2
-
Change the
/var/www/
folder group owner to grouppm2
将/var/www/文件夹组所有者更改为组pm2
$ chgrp -R pm2 /var/www
$ chgrp -R pm2 /var/www
-
Add the other user, let's say bob, to pm2
将另一个用户,比如bob,添加到pm2
$ usermod -aG pm2 bob
$ usermod -aG pm2 bob
Now bob can run pm2 commands by changing $HOME to /var/www
现在bob可以通过将$HOME更改为/var/www来运行pm2命令
$ env HOME=/var/www pm2 list
$ env HOME=/var/www pm2列表
Or (better still) create an alias as @jcollum suggested
或者(更好的是)创建一个别名,如@jcollum建议的那样
$ alias pm2='env HOME=/var/www pm2'
$ alias pm2='env HOME=/var/www pm2'
#2
4
It seems that PM2 saves data under user's '~/.pm2' folder, so other users can not see your PM2 process with 'pm2 status'.
似乎PM2在用户的~/下保存数据。“pm2”文件夹,让其他用户无法看到“pm2状态”的pm2进程。
I created a new linux user for PM2, and all users use 'su pm2user' before starting Pm2 process:
我为PM2创建了一个新的linux用户,所有用户在开始PM2过程之前都使用“su pm2user”:
$ sudo su pm2user
$ sudo pm2 start app.js
It's a stupid way, but it is simple and works well. Hope this would help :)
这是一种愚蠢的方法,但它很简单,而且效果很好。希望这能有所帮助:
#3
3
Ok, here is my solution for same problem:
这是我对同样问题的解决方案:
- Create PM2 home directory:
sudo mkdir /opt/pm2
- 创建PM2主目录:sudo mkdir /opt/ PM2
- Create user pm2:
sudo useradd -d /opt/pm2 -M -r -s /bin/false pm2
- 创建用户pm2: sudo useradd -d /opt/pm2 -M -r -s /bin/false pm2
- Add all required users to the pm2 group:
sudo usermod -aG <username>
-
将所有必需的用户添加到pm2组:sudo usermod -aG
- Set owner of /opt/pm2:
sudo chown pm2:pm2 /opt/pm2
- 设置所有者/opt/pm2: sudo chown pm2:pm2 /opt/pm2
- Change permissions:
sudo chmod 770 /opt/pm2
- 更改权限:sudo chmod 770 /opt/pm2。
- Set environment variable (I'm using /etc/environment):
PM2_HOME=/opt/pm2
- 设置环境变量(我正在使用/etc/environment): PM2_HOME=/opt/pm2
- Install pm2:
sudo npm install pm2 -g
. Mine npm prefix is set to /usr/local. - 安装pm2: sudo npm安装pm2 -g。我的npm前缀被设置为/usr/ local。
- Run
sudo pm2 startup
. It will generate startup script for your system (in my case it is Ubuntu Server). - 运行sudo pm2启动。它将为您的系统生成启动脚本(在我的例子中是Ubuntu服务器)。
- Open startup script (again, in my case it is /etc/init.d/pm2-init.sh) and edit the following variables
USER=pm2 ... export PM2_HOME="/opt/pm2"
- 打开启动脚本(在我的例子中是/etc/init.d/pm2-init.sh)并编辑以下变量USER=pm2…出口PM2_HOME = " / opt / pm2 "
In my Raspberry PI I got issue with socket file permission inheritance, they're set read-only for group instead of rwx is applied to home dir: srwxr-xr-x 1 pm2 pm2 0 Sep 11 17:27 pub.sock srwxr-xr-x 1 pm2 pm2 0 Sep 11 17:27 rpc.sock
在我的树莓PI中,我遇到了socket文件权限继承问题,它们为group设置为只读,而不是rwx被应用到home dir: srwxr-xr- xr- x1 pm2 pm2 0 9月11日17:27 pub。袜子srwxr-xr- x1 pm2 0 9月11日17:27 rpc
After hours of googling I finally found the solution: I added the following line to the startup script: umask 0002
and got it: srwxrwxr-x 1 pm2 pm2 0 Sep 11 17:27 pub.sock srwxrwxr-x 1 pm2 pm2 0 Sep 11 17:27 rpc.sock
在搜索了几个小时之后,我终于找到了解决方案:我在启动脚本中添加了如下一行:umask 0002,并得到了它:srwxrwxr-x 1 pm2 pm2 0 9月11日17:27 pub。袜子srwxrwxr- x1pm2 pm2 0 9月11日17:27 rpg .sock
Thats all.
这一切。
#4
1
Assuming you run pm2 as www-data
. To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list
for example. You can, of course, create a script (e.g. supm2
) that does that for you so you can just do supm2 list
instead.
假设您将pm2作为www数据运行。要访问pm2实例,我需要:sudo -u www-data HOME=/var/www pm2列表。当然,您可以创建一个脚本(例如supm2),以便您可以只执行supm2列表。
#5
0
I've faced a similar issue. The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2. In my case, it was working fine when I started the pm2 from commandline instead of startup. When I used startup, it was running as root user by default. So root was the owner of the pid, sock files
我也遇到过类似的问题。原因可能是您没有所需的权限,或者您没有pm2创建的pid和sock文件。在我的例子中,当我从命令行启动pm2而不是启动时,它运行良好。当我使用startup时,它默认以root用户的身份运行。root是pid, sock文件的所有者