tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: JMX Remote connection
Date Thu, 07 Oct 2004 15:53:51 GMT
Remy Maucherat wrote:

> Dominik Drzewiecki wrote:
>>> I couldn't get the attach to process thing to work, though (= 
>>> without a port). Is it supposed to be doable ?
>> Neither have I (I am talking of tomcat running as Windows service). 
>> It seems that both processes : tomcat JVM and jconsole JVM have to be 
>> owned by the same user. Maybe that is the case with you? Hovewer, 
>> starting tomcat from my system account solves the problem.
>> For more info see:
>> <cut>
>> Both jconsole and the application must by executed by the same user 
>> name. The management and monitoring system uses the operating 
>> system's file permissions.
>> </cut>
> I'm running both with the same usename on Windows, and it doesn't 
> work. Since it's Windows and I like to be able to do stuff, I of 
> course run with root privileges. Seems to me it would work on Unix, 
> but is currently broken on Windows (I use XP pro SP 2), or something. 
> Over a TCP port, it works good.
> I couldn't find a comprehensive guide on all these nice system 
> properties, while there's tons of docs on the new command line commands.
> If I use the service, which runs with the SYSTEM account, it of course 
> doesn't work any better ;)

For those interested in not wasting their time the way I just did, I 
just found this:

*Limitation*: On Windows, for security reasons, local monitoring and 
management is only supported if your default Windows temporary directory 
is on a file system that supports persistent access control lists (for 
example, on an NTFS file system). It is not supported on a FAT file 
system that provide insufficient access controls.

I obviously use FAT32, and I have to add that this limitation is quite 
stupid. No multi user setup would run FAT and expect security, so you 
are fine allowing anything you want on FAT (at least, I can't see how it 
makes stuff more secure).


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message