[英]How to run pm2 so other server users are able to access the process?
When I start my Nodejs app with pm2 , other server users are not able to access the process.当我使用 pm2 启动我的Nodejs应用程序时,其他服务器用户无法访问该进程。
Even if I start pm2 from a custom directory (not current user's ~/
, what pm2 is using by default):即使我从自定义目录启动 pm2(不是当前用户的~/
,默认情况下 pm2 使用的目录):
HOME=/var/www pm2 start app.js
Directory is accessible by any user (comparing to ~/
, but there's still no way other server user is able to access the process.任何用户都可以访问目录(与~/
相比,但其他服务器用户仍然无法访问该进程。
When other server user does pm2 list
, it shows him 0 processes are running – but there are (started by another user).当其他服务器用户执行pm2 list
时,它显示他有 0 个进程正在运行 – 但有(由另一个用户启动)。 And when other user tries HOME=/var/www pm2 list
, CLI throws an error:当其他用户尝试HOME=/var/www pm2 list
时,CLI 会抛出错误:
events.js:72
throw er; // Unhandled 'error' event
^
Error: connect EACCES
at errnoException (net.js:905:11)
at Object.afterConnect [as oncomplete] (net.js:896:19)
So I am wondering how to make sure users are able to access pm2 processes run by other server users?所以我想知道如何确保用户能够访问其他服务器用户运行的 pm2 进程? Or it shall be approached differently?还是应该以不同的方式处理?
I am wondering why every server user is able to make git pull
to deploy latest source code from a Git repository, but can't restart pm2
process afterwards?我想知道为什么每个服务器用户都能够从git pull
以部署来自 Git 存储库的最新源代码,但之后无法重新启动pm2
进程? Only the user that started pm2
process is able to restart it… Weird.只有启动pm2
进程的用户才能重新启动它……很奇怪。
Here's how we bypassed this.这是我们绕过这个的方法。
Just create a group只需创建一个组
Create a new group pm2
or whatever name works for you创建一个新组pm2
或任何适合您的名称
$ groupadd pm2
Change the /var/www/
folder group owner to group pm2
将/var/www/
文件夹组所有者更改为组pm2
$ chgrp -R pm2 /var/www
Add the other user, let's say bob, to pm2添加另一个用户,比如说 bob,到 pm2
$ usermod -aG pm2 bob
Now bob can run pm2 commands by changing $HOME to /var/www现在 bob 可以通过将 $HOME 更改为/var/www来运行 pm2 命令
$ env HOME=/var/www pm2 list
Or (better still) create an alias as @jcollum suggested或者(更好)按照@jcollum 的建议创建一个别名
$ alias pm2='env HOME=/var/www pm2'
Ok, here is my solution for same problem:好的,这是我对同一问题的解决方案:
# 1. Create user PM2 and set his password
sudo useradd -d /opt/pm2 -m -s /bin/bash pm2
sudo passwd pm2
# 2. Add users you want to provide the access to PM2 to PM2 group
sudo usermod -aG pm2 <username>
# Note: if you added yourself to pm2 group, perform logout and login back to the host machine
# 3. Set the PM2_HOME variable
sudo touch /etc/profile.d/pm2.sh
sudo sh -c 'echo "export PM2_HOME=\"/opt/pm2/.pm2\"" > /etc/profile.d/pm2.sh'
source /etc/profile.d/pm2.sh
# 4. Install the PM2
# Check the npm prefix if fail:
# https://docs.npmjs.com/misc/config#prefix
sudo npm install pm2 -g
# 5. Make startup script
sudo pm2 startup ubuntu -u pm2 --hp /opt/pm2
sudo systemctl enable pm2-pm2 && \
sudo systemctl start pm2-pm2 && \
sudo systemctl status pm2-pm2
# 6. Change permission of PM2_HOME
sudo chmod -v g+w /opt/pm2/.pm2
# 7. Check the PM2
pm2 status
It seems that PM2 saves data under user's '~/.pm2' folder, so other users can not see your PM2 process with 'pm2 status'. PM2 好像是把数据保存在用户的“~/.pm2”文件夹下,所以其他用户看不到你的 PM2 进程“pm2 status”。
I created a new linux user for PM2, and all users use 'su pm2user' before starting Pm2 process:我为 PM2 创建了一个新的 linux 用户,所有用户在启动 Pm2 进程之前都使用“su pm2user”:
$ sudo su pm2user
$ sudo pm2 start app.js
It's a stupid way, but it is simple and works well.这是一种愚蠢的方法,但它很简单,而且效果很好。 Hope this would help :)希望这会有所帮助:)
Assuming you run pm2 as www-data
.假设您将 pm2 作为www-data
运行。 To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list
for example.要访问该 pm2 实例,我会执行以下操作: sudo -u www-data HOME=/var/www pm2 list
例如。 You can, of course, create a script (eg supm2
) that does that for you so you can just do supm2 list
instead.当然,您可以创建一个脚本(例如supm2
)来为您执行此操作,因此您只需执行supm2 list
。
I've faced a similar issue.我遇到过类似的问题。 The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2.原因可能是你没有所需的权限,或者你没有pm2创建的pid和sock文件。 In my case, it was working fine when I started the pm2 from commandline instead of startup.就我而言,当我从命令行启动 pm2 而不是启动时,它运行良好。 When I used startup, it was running as root user by default.当我使用启动时,它默认以 root 用户身份运行。 So root was the owner of the pid, sock files所以 root 是 pid、sock 文件的所有者
I know that I am late to the party, but this is how I did it:我知道我参加聚会迟到了,但我是这样做的:
PM2="/usr/share/nodejs/pm2"
USER="me"
useradd $USER
groupadd pm2
chgrp -R pm2 $PM2
usermod -aG pm2 $USER
setfacl -Rdm g:pm2:rwx $PM2
/etc/bash.bashrc etc /etc/bash.bashrc 等
export PM2_HOME=$PM2;
I also have the need to use pm2 with multiple users and I found a solution seemed even better.我还需要与多个用户一起使用 pm2,我发现一个解决方案似乎更好。 Here is brief version from Piotr Sobuś's medium article .这是 Piotr Sobuś 的中篇文章的简短版本。
sudo groupadd pm2 # Create pm2 group for user who want manage pm2 together
sudo usermod -a -G pm2 user1 # add yourself to pm2 group
sudo usermod -a -G pm2 user2 # add as many user as you need to pm2 group
# you need to login again for new group to apply to user
sudo mkdir /etc/pm2daemon
sudo chgrp -R pm2 /etc/pm2daemon
sudo chmod -R 770 /etc/pm2daemon
sudo chmod g+s /etc/pm2daemon
Add following lines to ~/.bashrc for users that you want to share pm2 management.为要共享 pm2 管理的用户将以下行添加到 ~/.bashrc。
# PM2 environment
export PM2_HOME=/etc/pm2daemon
If you install pm2 systemd service with pm2 startup.如果您使用 pm2 启动安装 pm2 systemd 服务。 You also need to modify PIDFILE and PM2_HOME in systemd service confgiuration file: /etc/systemd/system/multi-user.target.wants/pm2-YOUR_USER_NAME.service
您还需要修改 systemd 服务配置文件中的 PIDFILE 和 PM2_HOME: /etc/systemd/system/multi-user.target.wants/pm2-YOUR_USER_NAME.service
from:从:
...
Environment=PM2_HOME=/home/YOUR_USER_NAME/.pm2
PIDFile=/home/YOUR_USER_NAME/.pm2/pm2.pid
...
to:到:
...
Environment=PM2_HOME=/etc/pm2daemon
PIDFile=/etc/pm2daemon/pm2.pid
...
After modification, you need to use systemctl daemon-reload
to update systemd configuration.修改后需要使用systemctl daemon-reload
更新systemd配置。 Now start the service with sudo systemctl start pm2-YOUR_USER_NAME.service
.现在使用sudo systemctl start pm2-YOUR_USER_NAME.service
服务。
Then you can now use pm2 across users that you shared.然后您现在可以在您共享的用户之间使用 pm2。
PS.附言。 If you fail to start service with systemctl, kill current pm2 daemon process by pm2 kill
.如果使用 systemctl 启动服务失败,请使用 pm2 pm2 kill
杀死当前的 pm2 守护进程。 Now you should able to use systemctl to start pm2 daemon.现在你应该可以使用 systemctl 来启动 pm2 守护进程了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.