Closed
pm2 should use an "authentication cookie" to ensure that only the user who started pm2 can talk to the master process. Without it, pm2 started as user1 can be controlled by user2 with no explicit consent, which is a serious security risk. Furthermore, pm2 started as root could then be used by any other user to take control of the server (!!!).
pm2 could create ~/.pm2/.cookie, which would then be used to log in to the master process. Allowing other users to access pm2 would require sharing the cookie file with them.
PS. Seeing the whole lot of pull requests not being merged or commented upon, I am not sure whether you accept patches.
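
One way the cookie scheme proposed above could be implemented, as an added sketch that is not part of the original issue and is not pm2's code. The function names, the 32-byte token size and the strict 0600 policy are assumptions made for illustration.

```javascript
// Added illustration, not pm2 code: all function names here are hypothetical.
const crypto = require('node:crypto');
const fs = require('node:fs');
const path = require('node:path');

// Daemon start-up: write a fresh random cookie readable only by the owner.
function createCookie(dir) {
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  fs.chmodSync(dir, 0o700); // tighten a directory that already existed
  const file = path.join(dir, '.cookie');
  fs.rmSync(file, { force: true }); // drop a stale cookie (or a planted symlink)
  const secret = crypto.randomBytes(32).toString('hex');
  // 'wx' = O_CREAT|O_EXCL: fails instead of writing through a file that
  // reappears between the removal above and this call.
  fs.writeFileSync(file, secret, { flag: 'wx', mode: 0o600 });
  return file;
}

// Load the cookie, refusing a file that other local users could read or replace.
function loadCookie(file) {
  const st = fs.lstatSync(file);
  if (!st.isFile()) throw new Error('cookie is not a regular file');
  if (st.mode & 0o077) throw new Error('cookie is accessible to group/other');
  if (typeof process.getuid === 'function' && st.uid !== process.getuid()) {
    throw new Error('cookie is owned by another user');
  }
  return fs.readFileSync(file, 'utf8').trim();
}

// Daemon side: compare the presented token with the expected one in constant time.
// Hashing first gives timingSafeEqual two buffers of equal length.
function verifyCookie(expected, presented) {
  const digest = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(digest(expected), digest(presented));
}
```

The daemon would call `verifyCookie` on the first message of every control connection and close the connection on a mismatch. Under this strict policy, sharing access means giving the other user their own copy of the file rather than loosening its mode.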