问题
I want to write an unprivileged (non-root-access) JMX client program that monitors a privileged (running as root) application that has JMX local access enabled -Dcom.sun.management.jmxremote .
At least on MacOSX, jconsole (and jps) don't see root processes when I run as myself.
Is this just the fact of life here, or is there some way to configure this?
回答1:
If your client is not permitted to see the root process, then you cannot attach by PID. What you need is to have the root application load a JMXServer that will listen on a [>1024] port and then you can connect through the port rather than by PID. The easiest way to do this would be to specify a couple of more system properties which will trigger the JVM to load a JMX server automatically. For example (these are all the most insecure):
- -Dcom.sun.management.jmxremote.authenticate=false
- -Dcom.sun.management.jmxremote.ssl=false
- -Dcom.sun.management.jmxremote.port=7777
See JMX Management and Monitoring Properties.
To create a JMXServer programmatically, see the JavaDoc for javax.management.remote. There is a really good guide/tutorial on this topic here.
回答2:
JMX uses a simple TCP port that you can define with some command-line options. If the port is open, anyone (included non-priviledged users) should be able to see it.
As for the process itself, jps cannot see other user's process, but you can see then with "ps aux".
来源:https://stackoverflow.com/questions/4462236/access-control-to-jmx-local-monitoring