Join the community today
Become a Member

Run Nodejs without root

Discussion in 'Other Web Apps usage' started by Manhhailua, Jul 11, 2016.

  1. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    I have successfully installed Centmin to my Centos 6.8 x64 VPS. And now I ran into awkward situation:
    - There were quite many advices that I should not run Nodejs as root
    - Centmin main user is nginx and I really don't want to grant /bin/bash to nginx.
    - I create another user named "manhpt". Can I run any Nodejs App as manhpt (all files and folder within app webroot will be chown to manhpt:manhpt)?

    After centmin installation, I got "/home/usertmp_donotdelete" (look like a swap file) and "/home/mysqltmp"... Can I delete them?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    nginx needs to be able to read the node.js files so user/group needs to be nginx

    no DO NOT delete them, they're your swap and mysql tmp directories required for your system and MariaDB mysql server
     
    • Informative Informative x 1
  3. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    So, can I add "manhpt" to group "nginx" and run nodejs as "manhpt"?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes in theory you should be able to
     
    • Informative Informative x 1
  5. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    I have mount a partition "/dev/vdb" to folder "/home/nginx". Then I accidentally lost all of its content. Now I am recreating permissions of "/home/nginx" and "/home/nginx/domains/". I used "ls -l" to show "/home/nginx" permission on another VPS and I saw "drwx--S---". I don't know how to chmod my folder to this kind of permission.
    If I want another user (eg. "manhpt") to write and execute in a specific domain webroot, what is the proper chmod permission to set to that domain folder.
     
    Last edited: Jul 12, 2016
  6. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    If you accidentally deleted the nginx vhost site directories in /home/nginx, you'll need to recreate them using below commands as root user in SSH
    Code (Text):
    umask 027
    mkdir -p /home/nginx/domains
    mkdir -p /home/nginx/domains/demodomain.com/{public,private,log,backup}
    chown -R nginx:nginx /home/nginx
    chmod g+s /home/nginx
    chmod g+s /home/nginx/domains/
    umask 022
    

    You can't use chmod for that as nginx server needs files/folder with nginx user/group. You can add manhpt user to nginx usergroup though Add a User to a Group (or Second Group) on Linux and then manhpt would have access to any file owned by usergroup = nginx though. Which is same was running as nginx user anyway
    Code (Text):
    usermod -a -G nginx manhpt
     
    • Useful Useful x 1
  7. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    Code:
    [manhpt@corejs-tracking-test-2 ~]$ cd /home/
    [manhpt@corejs-tracking-test-2 home]$ ll
    total 4
    drwx------. 3 khanhpv khanhpv   90 Jul 12 03:53 khanhpv
    drwx------. 3 manhpt  nginx     90 Jul 12 07:58 manhpt
    drwxrwxrwt  2 mysql   mysql      6 Jul 12 06:50 mysqltmp
    drwx--S---  4 nginx   nginx   4096 Jul 12 07:49 nginx
    [manhpt@corejs-tracking-test-2 home]$ cd nginx/
    -bash: cd: nginx/: Permission denied
    [manhpt@corejs-tracking-test-2 home]$ groups manhpt
    manhpt : nginx manhpt
    [manhpt@corejs-tracking-test-2 home]$
    "/home/nginx" permissions is now right but manhpt user cannot access.
    manhpt is added to nginx group.
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    looks like you won't be able to with that method. This is why Centmin Mod doesn't supported shared hosting as per FAQ item 2
     
  9. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    I do not intend to use Centmin for Shared Hosting... I want to use Centmin with its stack as background for my NodeJS apps because I really like Centmin's stack configurations. And, of course, I don't want to execute any apps as root.
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    then probably easiest way is to run node.js app as nginx user within /home/nginx/domains/domain.com/yournodejsapp_webroot and use pure-ftpd virtual ftp user to manage ftp uploads Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS
     
    • Optimistic Optimistic x 1
  11. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    So, I now have to allow nginx using /bin/sh. Thank you, eva! :D
     
  12. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    no need just use site's pure-ftpd user for file uploads and for ssh use root to manage and chown files to nginx user
    Code (Text):
    chown -R nginx:nginx /home/nginx/domains/domain.com/yournodejsapp_webroot
     
  13. Manhhailua

    Manhhailua Member

    39
    2
    8
    Jul 7, 2016
    Hanoi
    Ratings:
    +5
    Local Time:
    12:14 AM
    1.11.1
    10.0.x
    This means I can start my app as root and let all files belong to nginx!?
    Code:
    $ node app.js // root do this
     
  14. eva2000

    eva2000 Administrator Staff Member

    30,177
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    3:14 AM
    Nginx 1.13.x
    MariaDB 5.5
    in theory yes .. i don't use node.js enough to be 100% sure though
     
    • Agree Agree x 1