debian what is the /bin/false file
Currently the node.js app runs here:
you@de:/opt/nginx_server_project$ node server.js
Listening for request
with the following permissions:
you@de:/etc/nginx/sites-available$ ls -l /opt/nginx_server_project/server.js
-rw-r--r-- 1 root root 548 Feb 3 23:47 /opt/nginx_server_project/server.js
you@de:/etc/nginx/sites-available$
Step 1: Prepare the ownership and permission for the service files
Create a dedicated user for security, non-root. The new system user does not login, does not have a home directory, and system user accounts don't have password aging. They are intented for ownership of files and running system services (like mysql, nginx): www-data.
you@de:~$ sudo useradd -r -s /sbin/nologin my-servicer
you@de:~$
-r creates a system account
-s assigns /sbin/nologin (or /bin/false ) unusable login shell to the account.
/bin/false which is a program that returns a 1. If someone tries to log in with this user's command shell, the login fails
Grant this system user my-servicer access to the node.js application library
Here are the permissions before:
you@de:~$ ls -l /opt
total 12
drwxrwxr-x 2 root ndev 4096 Feb 3 22:39 html
drwxrwxr-x 2 root ndev 4096 Feb 3 23:47 nginx_server_project
drwxrwxr-x 3 root ndev 4096 Feb 2 19:09 python_server_project
you@de:~$ ls -l /opt/nginx_server_project
total 8
-rw-r--r-- 1 root root 234 Jan 31 09:34 package.json
-rw-r--r-- 1 root root 548 Feb 3 23:47 server.js
you@de:~$
Here is the change of permissions ( -R changes recursively):
you@de:~$ sudo chown -R my-servicer:my-servicer /opt/nginx_server_project
you@de:~$
you@de:~$ ls -l /opt
total 12
drwxrwxr-x 2 root ndev 4096 Feb 3 22:39 html
drwxrwxr-x 2 my-servicer my-servicer 4096 Feb 3 23:47 nginx_server_project
drwxrwxr-x 3 root ndev 4096 Feb 2 19:09 python_server_project
you@de:~$
you@de:~$ ls -l /opt/nginx_server_project
total 8
-rw-r--r-- 1 my-servicer my-servicer 234 Jan 31 09:34 package.json
-rw-r--r-- 1 my-servicer my-servicer 548 Feb 3 23:47 server.js
you@de:~$
Step 2: Create a systemd Service File
Create a service file with a .service extension in the /etc/systemd/system/ directory.
you@de:~$ sudo touch /etc/systemd/system/nginx_server.serivce
[sudo] password for x:
you@de:~$
Add the following configuration, modifying the Description, ExecStart, WorkingDirectory, and User to match your application's specifics:
[Unit]
Description=My Node.js Application Service
After=network.target
[Service]
Type=simple
User=my-nodejs-app-user
WorkingDirectory=/path/to/your/app/directory
ExecStart=/usr/bin/node /path/to/your/app/app.js
Restart=on-failure
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
Here is the file:
[Unit]
Description=A Node.js Application web server
After=network.target
[Service]
Type=simple
User=my-servicer
WorkingDirectory=/opt/nginx_server_project
ExecStart=/usr/bin/node /opt/nginx_server_project/server.js
Restart=on-failure
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
Added description:
•After=network.target: Ensures the service starts after the network is available.
•ExecStart: Specifies the command to run your application. Replace /usr/bin/node with the output of which node if different.
•Restart=on-failure: Automatically restarts your app if it crashes.
•Environment=NODE_ENV=production: Sets an environment variable, useful for configuring your app's behavior.
Stop the command line process of the app if it is running.
you@de:/opt/nginx_server_project$ node server.js
Listening for request
^C
you@de:/opt/nginx_server_project$
Step 3: Manage the Service
After creating the file, use these commands to manage your new service:
Reload systemd: This tells systemd to recognize the new service file.
sudo systemctl daemon-reload
Enable the service: This ensures the application starts automatically on boot.
sudo systemctl enable my-app.service
Start the service:
sudo systemctl start my-app.service
Check the status and logs:
sudo systemctl status my-app.service
journalctl -u my-app.service -f
The journalctl command with the -f flag allows you to view the live logs (stdout and stderr) of your application. Press Ctrl+C to exit the log viewer.
You can also use sudo systemctl restart my-app.service or sudo systemctl stop my-app.service to manage the service as needed.
Before loading:
you@de:~$ sudo systemctl status nginx_server.service
[sudo] password for x:
○ nginx_server.service - A Node.js Application web server
Loaded: loaded (/etc/systemd/system/nginx_server.service; d>
Active: inactive (dead)
lines 1-3/3 (END)
Press <ctrl-c>you@de to exit
you@de:~$ sudo systemctl daemon-reload
you@de:~$ sudo systemctl enable nginx_server.service
Created symlink '/etc/systemd/system/multi-user.target.wants/nginx_server.service' → '/etc/systemd/system/nginx_server.service'.
you@de:~$ sudo systemctl start nginx_server.service
you@de:~$
you@de:~$ sudo systemctl status nginx_server.service
● nginx_server.service - A Node.js Application web server
Loaded: loaded (/etc/systemd/system/nginx_server.service; e...
Active: active (running) since Wed 2026-02-04 18:43:16 PST;...
Invocation: a4edf49d211b43319fdc2ec7b1372553
Main PID: 2055839 (node)
Tasks: 11 (limit: 2303)
Memory: 12.6M (peak: 16.8M)
CPU: 508ms
CGroup: /system.slice/nginx_server.service
└─2055839 /usr/bin/node /opt/nginx_server_project/s>
Feb 04 18:43:16 c7.xcvvc.com systemd[1]: Started nginx_server.se>
Feb 04 18:43:16 c7.xcvvc.com node[2055839]: Listening for request
lines 1-13/13 (END)