jstack - well-known file is not secure

Question

I am running tomcat 5.5 on x86_64 CentOS 5.7 using 32-bit Oracle Java 1.6.0.

JVM process used by tomcat has 6421 pid. Tomcat is working fine.

When run jstack it fails with:

[root@mybox ~]# jstack 6421 6421: well-known file is not secure 

To get any reasonable output, I need to use force option:

[root@mybox ~]# jstack -F 6421 Attaching to process ID 6421, please wait... Debugger attached successfully. Server compiler detected. JVM version is 17.0-b16 Deadlock Detection:  No deadlocks found. (...) 

The questions are:

1. what does the error message "well-known file is not secure" mean?
2. what is the "well-known" file?
3. why/when does the jstack command not work without a force option?

Thanks in advance.

Answer 1

This is probably due to the file in /tmp used to communicate with the process having different permissions than the one the jstack gets. The file in question is /tmp/hsperfdata_$USER/$PID.

Don't know why it works with -F as the man page just says "Force a stack dump when 'jstack [-l] pid' does not respond."

Answer 2

when -F is used, the jvm will be frozen.

If you can find the file: /tmp/hsperfdata_$USER/$PID. Just try to switch to the $USER, and then exec jstack. You are running with "root", but that process may not belong to root.

if $USER does not have a login shell (i.e. daemon users), and thus can not switch to that user, you can work around this by using sudo -u $USER jstack $PID