问题
When I start my Nodejs app with pm2, other server users are not able to access the process.
Even if I start pm2 from a custom directory (not current user's ~/, what pm2 is using by default):
HOME=/var/www pm2 start app.js
Directory is accessible by any user (comparing to ~/, but there's still no way other server user is able to access the process.
When other server user does pm2 list, it shows him 0 processes are running – but there are (started by another user). And when other user tries HOME=/var/www pm2 list, CLI throws an error:
events.js:72
throw er; // Unhandled 'error' event
^
Error: connect EACCES
at errnoException (net.js:905:11)
at Object.afterConnect [as oncomplete] (net.js:896:19)
So I am wondering how to make sure users are able to access pm2 processes run by other server users? Or it shall be approached differently?
I am wondering why every server user is able to make git pull to deploy latest source code from a Git repository, but can't restart pm2 process afterwards? Only the user that started pm2 process is able to restart it… Weird.
回答1:
Here's how we bypassed this.
Just create a group
Create a new group
pm2or whatever name works for you$ groupadd pm2Change the
/var/www/folder group owner to grouppm2$ chgrp -R pm2 /var/wwwAdd the other user, let's say bob, to pm2
$ usermod -aG pm2 bob
Now bob can run pm2 commands by changing $HOME to /var/www
$ env HOME=/var/www pm2 list
Or (better still) create an alias as @jcollum suggested
$ alias pm2='env HOME=/var/www pm2'
回答2:
Ok, here is my solution for same problem:
# 1. Create user PM2 and set his password
sudo useradd -d /opt/pm2 -m -s /bin/bash pm2
sudo passwd pm2
# 2. Add users you want to provide the access to PM2 to PM2 group
sudo usermod -aG pm2 <username>
# Note: if you added yourself to pm2 group, perform logout and login back to the host machine
# 3. Set the PM2_HOME variable
sudo touch /etc/profile.d/pm2.sh
sudo sh -c 'echo "export PM2_HOME=\"/opt/pm2/.pm2\"" > /etc/profile.d/pm2.sh'
source /etc/profile.d/pm2.sh
# 4. Install the PM2
# Check the npm prefix if fail:
# https://docs.npmjs.com/misc/config#prefix
sudo npm install pm2 -g
# 5. Make startup script
sudo pm2 startup ubuntu -u pm2 --hp /opt/pm2
sudo systemctl enable pm2-pm2 && \
sudo systemctl start pm2-pm2 && \
sudo systemctl status pm2-pm2
# 6. Change permission of PM2_HOME
sudo chmod -v g+w /opt/pm2/.pm2
# 7. Check the PM2
pm2 status
回答3:
It seems that PM2 saves data under user's '~/.pm2' folder, so other users can not see your PM2 process with 'pm2 status'.
I created a new linux user for PM2, and all users use 'su pm2user' before starting Pm2 process:
$ sudo su pm2user
$ sudo pm2 start app.js
It's a stupid way, but it is simple and works well. Hope this would help :)
回答4:
Assuming you run pm2 as www-data. To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list for example. You can, of course, create a script (e.g. supm2) that does that for you so you can just do supm2 list instead.
回答5:
I've faced a similar issue. The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2. In my case, it was working fine when I started the pm2 from commandline instead of startup. When I used startup, it was running as root user by default. So root was the owner of the pid, sock files
回答6:
I know that I am late to the party, but this is how I did it:
PM2="/usr/share/nodejs/pm2"
USER="me"
useradd $USER
groupadd pm2
chgrp -R pm2 $PM2
usermod -aG pm2 $USER
setfacl -Rdm g:pm2:rwx $PM2
/etc/bash.bashrc etc
export PM2_HOME=$PM2;
来源:https://stackoverflow.com/questions/32178443/how-to-run-pm2-so-other-server-users-are-able-to-access-the-process