The problem to attach to a JVM running with other user credentials is, that the Unix domain socket must be effectively owned
by the user which process wants to attach to the target. As the socket must be created by the target JVM there is no way
without using root
privileges in between to change the permission.
example 1
user1 java -cp $JAVA_HOME/lib/tools.jar:. AttachTarget
user2 java -cp $JAVA_HOME/lib/tools.jar:. AttachClient pid_of_user1_jvm
will fail with java.io.IOException: Operation not permitted
example 2
user1 java -cp $JAVA_HOME/lib/tools.jar:. -XX:+StartAttachListener AttachTarget
user2 java -cp $JAVA_HOME/lib/tools.jar:. AttachClient pid_of_user1_jvm
will fail with java.io.IOException: well-known file is not secure
(see LinuxVirtualMachine.c)
example 3
user1 java -cp $JAVA_HOME/lib/tools.jar:. -XX:+StartAttachListener AttachTarget
root chown user2.user2 /tmp/.java_pid${pid_of_user1_jvm}
user2 java -cp $JAVA_HOME/lib/tools.jar:. AttachClient pid_of_user1_jvm
will attach to the user1 JVM vm = sun.tools.attach.LinuxAttachProvider@62766e80: ...
example 4
user1 java -cp $JAVA_HOME/lib/tools.jar:. AttachTarget
root touch /proc/${pid_of_user1_jvm}/cwd/.attach_pid${pid_of_user1_jvm}
root kill -s 3 pid_of_user1_jvm
root chown user2.user2 /tmp/.java_pid${pid_of_user1_jvm}
user2 java -cp $JAVA_HOME/lib/tools.jar:. AttachClient pid_of_user1_jvm
will attach to the user1 JVM vm = sun.tools.attach.LinuxAttachProvider@62766e80: ...
Which JDK is this? With the Oracle JDK (8, but also older versions, I think), there is no
/tmp/.java_pid$PID
file - there is a/tmp/hsperfdata_$USERNAME/$PID
file though