I'm about to deploy a highly secure production server, which is running an nginx reverse proxy, which points to the backend server on nodeJS. When a user starts the server by typing in the "pm2 start server.js" command, whichever user ran this command, becomes the owner of the pm2 server. I don't want to run it on my account (which has sudo privileges with no password), incase If somehow a hostile party compromises the code, they would be able to run commands as root.
Which user should start pm2 to ensure that if there is compromised code, the attacker won't have full control of the system?
The default user for apache & nginx is www-data, why is there no default user for pm2?
