How to run pm2 so other server users are able to access the process?
Asked Answered
S

7

45

When I start my Nodejs app with pm2, other server users are not able to access the process.

Even if I start pm2 from a custom directory (not current user's ~/, what pm2 is using by default):

HOME=/var/www pm2 start app.js

Directory is accessible by any user (comparing to ~/, but there's still no way other server user is able to access the process.

When other server user does pm2 list, it shows him 0 processes are running – but there are (started by another user). And when other user tries HOME=/var/www pm2 list, CLI throws an error:

events.js:72
    throw er; // Unhandled 'error' event
          ^
Error: connect EACCES
    at errnoException (net.js:905:11)
    at Object.afterConnect [as oncomplete] (net.js:896:19)

So I am wondering how to make sure users are able to access pm2 processes run by other server users? Or it shall be approached differently?


I am wondering why every server user is able to make git pull to deploy latest source code from a Git repository, but can't restart pm2 process afterwards? Only the user that started pm2 process is able to restart it… Weird.

Stiegler answered 24/8, 2015 at 9:10 Comment(2)
One pm2 instance only belong to the user that started it.Detradetract
@Nik Sumeiko, You are not supposed to add the forever tag in this post, according to the description.Curt
I
32

Here's how we bypassed this.

Just create a group

  • Create a new group pm2 or whatever name works for you

    $ groupadd pm2

  • Change the /var/www/ folder group owner to group pm2

    $ chgrp -R pm2 /var/www

  • Add the other user, let's say bob, to pm2

    $ usermod -aG pm2 bob

Now bob can run pm2 commands by changing $HOME to /var/www

$ env HOME=/var/www pm2 list

Or (better still) create an alias as @jcollum suggested

$ alias pm2='env HOME=/var/www pm2'

Interrogative answered 7/10, 2015 at 15:3 Comment(6)
This worked for me. The other thing to do is to alias PM2 so that env HOME was included in all pm2 calls.Mow
Sorry for noob's question. In the solution above - if user "bob" run something with pm2 (for example "pm2 list"), it will change his HOME variable. Only for this command or it will be permanent (in this case this isn't a good solution, because many applications ask for this HOME variable).Billposter
I'm having the exact problem, but I'm from Windows server, can anyone please let me know how to do the equivalent in Windows environment?Truncate
@Billposter each application in Linux runs as a user and further within an environment. You will need to set the ENV for the user that runs's the application. Hope this makes sense.Interrogative
@Billposter note the way that the command is run: "env HOME=/var/www pm2 list" all on one line. Specifying an env variable on the same line before running a command sets that env var locally for that command. So when this has executed, $HOME goes back to its original value. In fact technically, the value never changed.Scar
Hello @Truncate ! Did you ever managed to solve this issue on your Windows enviroment?Holyhead
N
16

Ok, here is my solution for same problem:

# 1. Create user PM2 and set his password
sudo useradd -d /opt/pm2 -m -s /bin/bash pm2
sudo passwd pm2

# 2. Add users you want to provide the access to PM2 to PM2 group
sudo usermod -aG pm2 <username>

# Note: if you added yourself to pm2 group, perform logout and login back to the host machine   

# 3. Set the PM2_HOME variable
sudo touch /etc/profile.d/pm2.sh
sudo sh -c 'echo "export PM2_HOME=\"/opt/pm2/.pm2\"" > /etc/profile.d/pm2.sh'
source /etc/profile.d/pm2.sh

# 4. Install the PM2 
# Check the npm prefix if fail: 
# https://docs.npmjs.com/misc/config#prefix
sudo npm install pm2 -g

# 5. Make startup script
sudo pm2 startup ubuntu -u pm2 --hp /opt/pm2

sudo systemctl enable pm2-pm2 && \
sudo systemctl start pm2-pm2 && \
sudo systemctl status pm2-pm2

# 6. Change permission of PM2_HOME
sudo chmod -v g+w /opt/pm2/.pm2

# 7. Check the PM2
pm2 status
Nummulite answered 11/9, 2016 at 15:2 Comment(5)
Does the PM2_HOME variable need to be set before installation? I've already installed pm2 and would like to avoid re-installing...Hardaway
You can set it in any time, Mark. It just points to home directory of PM2.Nummulite
Only problem I've found, every time pm2 service restarts it will rewrite the VERY important pub.sock and rpc.sock files and you will lose the 770 access you set. These files need to be chmodded every restart.Nonresident
Best solution for me!Esdras
@Nonresident Umask solution didn`t help you? Did you performed some PM2 operations with sudo? Under which OS/distro (Windows, Ubuntu, Raspbian, something else) operating yout PM2?Nummulite
M
9

It seems that PM2 saves data under user's '~/.pm2' folder, so other users can not see your PM2 process with 'pm2 status'.

I created a new linux user for PM2, and all users use 'su pm2user' before starting Pm2 process:

$ sudo su pm2user
$ sudo pm2 start app.js

It's a stupid way, but it is simple and works well. Hope this would help :)

Madalynmadam answered 24/3, 2016 at 8:36 Comment(1)
No need for sudo here for both commands.Cauvery
N
5

Assuming you run pm2 as www-data. To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list for example. You can, of course, create a script (e.g. supm2) that does that for you so you can just do supm2 list instead.

Norse answered 27/4, 2016 at 2:21 Comment(0)
I
1

I've faced a similar issue. The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2. In my case, it was working fine when I started the pm2 from commandline instead of startup. When I used startup, it was running as root user by default. So root was the owner of the pid, sock files

Ibanez answered 28/8, 2015 at 6:54 Comment(3)
Shrinath, what do you mean by starting pm2 from a startup? Start up of the server? I always start pm2 from a CLI, but not as a root user. However, as a user being in sudoers group.Stiegler
Perhaps, there's a way to change pid, sock files permissions then? So other users (sudoers, if it matters) has permission to see started pm2 processes?Stiegler
I mean to say that the user to whom the error message is thrown while running has no permission to access the pm2 pid files. The pm2 is started by different userIbanez
S
0

I know that I am late to the party, but this is how I did it:

PM2="/usr/share/nodejs/pm2"
USER="me"
useradd $USER
groupadd pm2
chgrp -R pm2 $PM2
usermod -aG pm2 $USER
setfacl -Rdm g:pm2:rwx $PM2

/etc/bash.bashrc etc

export PM2_HOME=$PM2;
Stockjobber answered 20/5, 2019 at 1:52 Comment(1)
What's about security risk of running pm2 processes if shared by a group-permission? Generally all users who are in the group can also start, stop, remove, etc. all pm2 processes... even those of other users, right?! So in this way it is only usable if you 100% trust all users that are added to the pm2-group, or am I wrong?Psychro
H
0

I also have the need to use pm2 with multiple users and I found a solution seemed even better. Here is brief version from Piotr Sobuś's medium article.

sudo groupadd pm2 # Create pm2 group for user who want manage pm2 together
sudo usermod -a -G pm2 user1 # add yourself to pm2 group
sudo usermod -a -G pm2 user2 # add as many user as you need to pm2 group
# you need to login again for new group to apply to user
sudo mkdir /etc/pm2daemon
sudo chgrp -R pm2 /etc/pm2daemon
sudo chmod -R 770 /etc/pm2daemon
sudo chmod g+s /etc/pm2daemon

Add following lines to ~/.bashrc for users that you want to share pm2 management.

# PM2 environment
export PM2_HOME=/etc/pm2daemon

If you install pm2 systemd service with pm2 startup. You also need to modify PIDFILE and PM2_HOME in systemd service confgiuration file: /etc/systemd/system/multi-user.target.wants/pm2-YOUR_USER_NAME.service

from:

...
Environment=PM2_HOME=/home/YOUR_USER_NAME/.pm2
PIDFile=/home/YOUR_USER_NAME/.pm2/pm2.pid
...

to:

...
Environment=PM2_HOME=/etc/pm2daemon
PIDFile=/etc/pm2daemon/pm2.pid
...

After modification, you need to use systemctl daemon-reload to update systemd configuration. Now start the service with sudo systemctl start pm2-YOUR_USER_NAME.service.

Then you can now use pm2 across users that you shared.

PS. If you fail to start service with systemctl, kill current pm2 daemon process by pm2 kill. Now you should able to use systemctl to start pm2 daemon.

Hamartia answered 10/12, 2022 at 17:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.