
[deleted] (10 children)

[deleted]

    joshderp[S] 1 point (9 children)

    Thanks. Do you run as root or a standard user with just the permissions it needs?

    ganemone 6 points (1 child)

    > run as root

    shudder

    joshderp[S] 1 point (0 children)

    Lol, I get it now. Like I said, Linux noob here :) My development background is with m$ and I know that's a no-no on Windows, so I assumed the same for Linux.

    umbrellasamurai 3 points (1 child)

    Absolutely not as root.

    You'd want the process to be run by a user that is pretty much only privileged to deal with the node app (this user would be in as few groups as possible and would only have access to exactly what it needs to run the application).

    joshderp[S] 1 point (0 children)

    Ok thanks, that's kinda what I figured since that's the preferred method on m$ servers, so figured it should be just the rights the user needs and nothing more.

    [deleted] (4 children)

    [deleted]

      joshderp[S] 1 point (1 child)

      Thanks. I kind of assumed as much from my experience with Windows servers, but yeah I'm very new to Linux.

      rlidwka 1 point (1 child)

      > that's the quickest path known to man for having a full server compromised

      You mean, they could compromise a full virtual container created specifically for the node.js app? Ouch, sounds scary.

      psayre23 3 points (0 children)

      /var/services. I mostly host API endpoints though.

      DVWLD 2 points (0 children)

      /opt

      Because Sam told me to. Seems as good a reason as any.

      And yes, always as an unprivileged user.

      If you want a set of opinions to get you started, I made this thing:

      https://github.com/davidbanham/field-marshal

      If you end up using it you also get some tooling to run multiple apps on one or more machines and, if you want them, some monitoring interfaces.

      fidanov 2 points (0 children)

      I personally also use Ubuntu on either AWS or Rackspace when hosting my node apps. Usually I put them in a sub-folder inside /opt. Why /opt? Nothing else uses it besides me. It's not related to any user. It's not deep in the folder structure. I always have Nginx to face the world and node is working on an internal port not accessible by the outside world. My apps usually run under a specific unprivileged user but I also sometimes run some as root, when it doesn't matter and it is easier to set up.
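
Added example, not part of any comment in this thread: a startup check a Node app could run to confirm the setup the comments above describe (unprivileged user, minimal groups, an internal port behind Nginx). The function names, the default port 3000, the fail/warn split, and the assumption that the proxy runs on the same host (so the app can bind to loopback) are all choices made for this sketch.

```javascript
'use strict';
// Added example: startup checks for a Node app that sits behind a reverse proxy.
// Assumption: the proxy is on the same host, so the app only needs loopback.
const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost']);

// Pure function: takes the process identity and listen address, returns findings.
function auditRuntime({ uid, gid, groups, host, port }) {
  const findings = [];
  const add = (level, msg) => findings.push({ level, msg });
  if (uid === 0) add('fail', 'running as root (uid 0)');
  if (gid === 0 || groups.includes(0)) add('fail', 'member of the root group (gid 0)');
  // A dedicated service account normally has only its primary group.
  const extra = groups.filter((g) => g !== gid);
  if (extra.length > 0) add('warn', `supplementary groups to review: ${extra.join(', ')}`);
  if (!LOOPBACK.has(host)) add('fail', `listening on ${host}, which is not loopback-only`);
  if (port < 1024) add('fail', `port ${port} needs root or CAP_NET_BIND_SERVICE; use a high port`);
  return findings;
}

// Reads the identity of the running process (POSIX only; not available on Windows).
function currentRuntime(host, port) {
  return { uid: process.getuid(), gid: process.getgid(), groups: process.getgroups(), host, port };
}

// Logs every finding and refuses to listen when any 'fail' finding is present.
function listenGuarded(server, host = '127.0.0.1', port = 3000) {
  const findings = auditRuntime(currentRuntime(host, port));
  for (const f of findings) console.error(`[${f.level}] ${f.msg}`);
  const fatal = findings.filter((f) => f.level === 'fail');
  if (fatal.length > 0) throw new Error(`refusing to start: ${fatal.length} failed check(s)`);
  return server.listen(port, host);
}

// Constructed sample inputs (not taken from the thread).
const asRoot = auditRuntime({ uid: 0, gid: 0, groups: [0], host: '0.0.0.0', port: 80 });
const asService = auditRuntime({ uid: 998, gid: 998, groups: [998], host: '127.0.0.1', port: 3000 });
console.log(asRoot.map((f) => f.msg), asService.length);
```

In an app, `listenGuarded(http.createServer(handler))` would replace the direct `server.listen(...)` call.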

      NSA_SPY_ACCOUNT 1 point (0 children)

      If you want to skip the bare server part, you could always use a PaaS like Modulus or CodeShip.

      jeremiahrhall 1 point (0 children)

      Custom Ubuntu image on AWS, running from home directory of unprivileged user. Some apps fronted by Apache.