Learn about Centmin Mod LEMP Stack today
Register Now

Run Nodejs without root

Discussion in 'Other Web Apps usage' started by Manhhailua, Jul 11, 2016.

  1. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    I have successfully installed Centmin to my Centos 6.8 x64 VPS. And now I ran into awkward situation:
    - There were quite many advices that I should not run Nodejs as root
    - Centmin main user is nginx and I really don't want to grant /bin/bash to nginx.
    - I create another user named "manhpt". Can I run any Nodejs App as manhpt (all files and folder within app webroot will be chown to manhpt:manhpt)?

    After centmin installation, I got "/home/usertmp_donotdelete" (look like a swap file) and "/home/mysqltmp"... Can I delete them?

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nginx needs to be able to read the node.js files so user/group needs to be nginx

    no DO NOT delete them, they're your swap and mysql tmp directories required for your system and MariaDB mysql server
     
  3. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    So, can I add "manhpt" to group "nginx" and run nodejs as "manhpt"?
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes in theory you should be able to
     
  5. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    I have mount a partition "/dev/vdb" to folder "/home/nginx". Then I accidentally lost all of its content. Now I am recreating permissions of "/home/nginx" and "/home/nginx/domains/". I used "ls -l" to show "/home/nginx" permission on another VPS and I saw "drwx--S---". I don't know how to chmod my folder to this kind of permission.
    If I want another user (eg. "manhpt") to write and execute in a specific domain webroot, what is the proper chmod permission to set to that domain folder.
     
    Last edited: Jul 12, 2016
  6. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    If you accidentally deleted the nginx vhost site directories in /home/nginx, you'll need to recreate them using below commands as root user in SSH
    Code (Text):
    umask 027
    mkdir -p /home/nginx/domains
    mkdir -p /home/nginx/domains/demodomain.com/{public,private,log,backup}
    chown -R nginx:nginx /home/nginx
    chmod g+s /home/nginx
    chmod g+s /home/nginx/domains/
    umask 022
    

    You can't use chmod for that as nginx server needs files/folder with nginx user/group. You can add manhpt user to nginx usergroup though Add a User to a Group (or Second Group) on Linux and then manhpt would have access to any file owned by usergroup = nginx though. Which is same was running as nginx user anyway
    Code (Text):
    usermod -a -G nginx manhpt
     
  7. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    Code:
    [manhpt@corejs-tracking-test-2 ~]$ cd /home/
    [manhpt@corejs-tracking-test-2 home]$ ll
    total 4
    drwx------. 3 khanhpv khanhpv   90 Jul 12 03:53 khanhpv
    drwx------. 3 manhpt  nginx     90 Jul 12 07:58 manhpt
    drwxrwxrwt  2 mysql   mysql      6 Jul 12 06:50 mysqltmp
    drwx--S---  4 nginx   nginx   4096 Jul 12 07:49 nginx
    [manhpt@corejs-tracking-test-2 home]$ cd nginx/
    -bash: cd: nginx/: Permission denied
    [manhpt@corejs-tracking-test-2 home]$ groups manhpt
    manhpt : nginx manhpt
    [manhpt@corejs-tracking-test-2 home]$
    "/home/nginx" permissions is now right but manhpt user cannot access.
    manhpt is added to nginx group.
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    looks like you won't be able to with that method. This is why Centmin Mod doesn't supported shared hosting as per FAQ item 2
     
  9. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    I do not intend to use Centmin for Shared Hosting... I want to use Centmin with its stack as background for my NodeJS apps because I really like Centmin's stack configurations. And, of course, I don't want to execute any apps as root.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    then probably easiest way is to run node.js app as nginx user within /home/nginx/domains/domain.com/yournodejsapp_webroot and use pure-ftpd virtual ftp user to manage ftp uploads Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS
     
  11. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    So, I now have to allow nginx using /bin/sh. Thank you, eva! :D
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no need just use site's pure-ftpd user for file uploads and for ssh use root to manage and chown files to nginx user
    Code (Text):
    chown -R nginx:nginx /home/nginx/domains/domain.com/yournodejsapp_webroot
     
  13. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    10:45 AM
    1.11.1
    10.0.x
    This means I can start my app as root and let all files belong to nginx!?
    Code:
    $ node app.js // root do this
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,508
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    1:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    in theory yes .. i don't use node.js enough to be 100% sure though
     
  15. aditbaco

    aditbaco New Member

    8
    0
    1
    Aug 29, 2021
    Ratings:
    +0
    Local Time:
    10:45 AM
    1.17.x
    10.0.x
    use PM2 instead for production mode, then you don't need to bother with sudo permission. :)