rmid(1)                  General Commands Manual                  rmid(1)

rmid - The Java RMI Activation System Daemon

rmid starts the activation system daemon that allows objects to be
registered and activated in a virtual machine (VM).

    rmid [options]

The rmid tool starts the activation system daemon. The activation
system daemon must be started before activatable objects can be either
registered with the activation system or activated in a VM. See the
Java RMI Specification at
http://docs.oracle.com/javase/7/docs/platform/rmi/spec/rmiTOC.html and
the Activation tutorials at
http://docs.oracle.com/javase/7/docs/technotes/guides/rmi/activation/overview.html
for details on how to write programs that use activatable remote
objects.

The daemon can be started by executing the rmid command, and specifying
a security policy file, as follows:

    rmid -J-Djava.security.policy=rmid.policy

Note: When running Sun's implementation of rmid, by default you will
need to specify a security policy file so that rmid can verify whether
or not the information in each ActivationGroupDesc is allowed to be
used to launch a VM for an activation group. Specifically, the command
and options specified by the CommandEnvironment and any Properties
passed to an ActivationGroupDesc's constructor must now be explicitly
allowed in the security policy file for rmid. The value of the
sun.rmi.activation.execPolicy property dictates the policy that rmid
uses to determine whether or not the information in an
ActivationGroupDesc may be used to launch a VM for an activation group.

Executing rmid by default

o starts the Activator and an internal registry on the default port,
  1098, and

o binds an ActivationSystem to the name
  java.rmi.activation.ActivationSystem in this internal registry.

To specify an alternate port for the registry, you must specify the
-port option when starting up rmid. For example,

    rmid -J-Djava.security.policy=rmid.policy -port 1099

starts the activation system daemon and a registry on the registry's
default port, 1099.

Starting rmid from inetd/xinetd

An alternative to starting rmid from the command line is to configure
inetd (Solaris) or xinetd (Linux) to start rmid on demand.

When rmid starts up, it attempts to obtain an inherited channel
(inherited from inetd/xinetd) by invoking the System.inheritedChannel
method. If the inherited channel is null or not an instance of
java.nio.channels.ServerSocketChannel, then rmid assumes that it was
not started by inetd/xinetd, and it starts up as described above.

If the inherited channel is a ServerSocketChannel instance, then rmid
uses the java.net.ServerSocket obtained from the ServerSocketChannel as
the server socket that accepts requests for the remote objects it
exports, namely the registry in which the
java.rmi.activation.ActivationSystem is bound and the
java.rmi.activation.Activator remote object. In this mode, rmid behaves
the same as when it is started from the command line, except:

o Output printed to System.err is redirected to a file. This file is
  located in the directory specified by the java.io.tmpdir system
  property (typically /var/tmp or /tmp) with the prefix "rmid-err"
  and the suffix "tmp".

o The -port option is disallowed. If this option is specified, rmid
  will exit with an error message.

o The -log option is required. If this option is not specified, rmid
  will exit with an error message.

See the man pages for inetd (Solaris) or xinetd (Linux) for details on
how to configure services to be started on demand.

-C<someCommandLineOption>
Specifies an option that is passed as a command-line argument to
each child process (activation group) of rmid when that process
is created. For example, you could pass a property to each
virtual machine spawned by the activation system daemon:

    rmid -C-Dsome.property=value

This ability to pass command-line arguments to child processes
can be useful for debugging. For example, the following command:

    rmid -C-Djava.rmi.server.logCalls=true

will enable server-call logging in all child VMs.

-J<someCommandLineOption>
Specifies an option that is passed to the java interpreter
running rmid. For example, to specify that rmid use a policy file
named rmid.policy, the -J option can be used to define the
java.security.policy property on rmid's command line, for example:

    rmid -J-Djava.security.policy=rmid.policy

-J-Dsun.rmi.activation.execPolicy=<policy>
Specifies the policy that rmid employs to check commands and
command-line options used to launch the VM in which an activation
group runs. Please note that this option exists only in Sun's
implementation of the Java RMI activation daemon. If this property
is not specified on the command line, the result is the same
as if -J-Dsun.rmi.activation.execPolicy=default were specified.
The possible values of <policy> can be default, <policyClassName>,
or none:

o default (or if this property is unspecified)

The default execPolicy allows rmid to execute commands with specific
command-line options only if rmid has been granted permission to
execute those commands and options in the security policy file that
rmid uses. Only the default activation group implementation can be
used with the default execution policy.

rmid launches a VM for an activation group using the information
in the group's registered activation group descriptor, an
ActivationGroupDesc. The group descriptor specifies an optional
ActivationGroupDesc.CommandEnvironment which includes the command to
execute to start the activation group as well as any command line
options to be added to the command line. By default, rmid uses
the java command found in java.home. The group descriptor also
contains properties overrides that are added to the command line
as options defined as:

    -D<property>=<value>

The permission com.sun.rmi.rmid.ExecPermission is used to grant
rmid permission to execute a command, specified in the group
descriptor's CommandEnvironment to launch an activation group.
The permission com.sun.rmi.rmid.ExecOptionPermission is used to
allow rmid to use command-line options, specified as properties
overrides in the group descriptor or as options in the
CommandEnvironment, when launching the activation group.

When granting rmid permission to execute various commands and
options, the permissions ExecPermission and ExecOptionPermission
need to be granted universally (i.e., granted to all code
sources).

ExecPermission
The ExecPermission class represents permission for rmid to
execute a specific command to launch an activation group.

Syntax
The name of an ExecPermission is the path name of a command to
grant rmid permission to execute. A path name that ends in
"/*" indicates all the files contained in that directory
(where "/" is the file-separator character, File.separatorChar).
A path name that ends with "/-" indicates all files and
subdirectories contained in that directory (recursively). A
path name consisting of the special token "<<ALL FILES>>"
matches any file.

Note: A path name consisting of a single "*" indicates all the
files in the current directory, while a path name consisting
of a single "-" indicates all the files in the current directory
and (recursively) all files and subdirectories contained
in the current directory.

ExecOptionPermission
The ExecOptionPermission class represents permission for
rmid to use a specific command-line option when launching
an activation group. The name of an ExecOptionPermission is
the value of a command line option.

Syntax
Options support a limited wildcard scheme. An asterisk signifies
a wildcard match, and it may appear as the option name
itself (i.e., it matches any option), or an asterisk may
appear at the end of the option name only if the asterisk
follows either a "." or "=".

For example: "*" or "-Dfoo.*" or "-Da.b.c=*" is valid, "*foo"
or "-Da*b" or "ab*" is not.

Policy file for rmid
When granting rmid permission to execute various commands
and options, the permissions ExecPermission and
ExecOptionPermission need to be granted universally (i.e., granted to
all code sources). It is safe to grant these permissions
universally because only rmid checks these permissions.

An example policy file that grants various execute permissions
to rmid is:

    grant {
        permission com.sun.rmi.rmid.ExecPermission
            "/files/apps/java/jdk1.7.0/solaris/bin/java";

        permission com.sun.rmi.rmid.ExecPermission
            "/files/apps/rmidcmds/*";

        permission com.sun.rmi.rmid.ExecOptionPermission
            "-Djava.security.policy=/files/policies/group.policy";

        permission com.sun.rmi.rmid.ExecOptionPermission
            "-Djava.security.debug=*";

        permission com.sun.rmi.rmid.ExecOptionPermission
            "-Dsun.rmi.*";
    };

The first permission granted allows rmid to execute the 1.7.0
version of the java command, specified by its explicit path
name. Note that by default, the version of the java command
found in java.home is used (the same one that rmid uses), and
does not need to be specified in the policy file. The second
permission allows rmid to execute any command in the directory
/files/apps/rmidcmds.

The third permission granted, an ExecOptionPermission, allows
rmid to launch an activation group that defines the security
policy file to be /files/policies/group.policy. The next
permission allows the java.security.debug property to be used by
an activation group. The last permission allows any property
in the sun.rmi property name hierarchy to be used by
activation groups.

To start rmid with a policy file, the java.security.policy
property needs to be specified on rmid's command line, for
example:

    rmid -J-Djava.security.policy=rmid.policy

o <policyClassName>

If the default behavior is not flexible enough, an administrator
can provide, when starting rmid, the name of a class whose
checkExecCommand method is executed in order to check commands to be
executed by rmid.

The policyClassName specifies a public class with a public,
no-argument constructor and an implementation of the following
checkExecCommand method:

    public void checkExecCommand(ActivationGroupDesc desc,
                                 String[] command)
        throws SecurityException;

Before launching an activation group, rmid calls the policy's
checkExecCommand method, passing it the activation group descriptor
and an array containing the complete command to launch the
activation group. If checkExecCommand throws a SecurityException,
rmid will not launch the activation group and an ActivationException
will be thrown to the caller attempting to activate the object.

o none

If the sun.rmi.activation.execPolicy property value is "none",
then rmid will not perform any validation of commands to launch
activation groups.

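An added example, not part of the original manual page or the JDK: a small linter that applies the wildcard rule from the ExecOptionPermission Syntax text and flags ExecPermission names that match all files, recurse, or depend on rmid's current directory. The class name RmidPolicyLint, the flagging choices and the sample policy are assumptions made for illustration, and "/" is assumed as the file separator.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class name): static check of an rmid policy file.
public class RmidPolicyLint {
    private static final Pattern GRANT = Pattern.compile(
        "permission\\s+com\\.sun\\.rmi\\.rmid\\.(ExecPermission|ExecOptionPermission)"
        + "\\s+\"([^\"]*)\"");

    // Wildcard rule from the Syntax text: "*" alone, or one trailing "*"
    // that directly follows "." or "=".
    static boolean validOptionName(String name) {
        int star = name.indexOf('*');
        if (star < 0) return !name.isEmpty();
        if (name.equals("*")) return true;
        if (star != name.length() - 1) return false;
        char before = name.charAt(star - 1);
        return before == '.' || before == '=';
    }

    // Assumed review rule: all files, recursive, or current-directory names.
    static boolean broadCommand(String name) {
        return name.equals("<<ALL FILES>>") || name.equals("-")
            || name.equals("*") || name.endsWith("/-");
    }

    static List<String> lint(String policy) {
        List<String> findings = new ArrayList<String>();
        Matcher m = GRANT.matcher(policy);
        while (m.find()) {
            String name = m.group(2);
            if (m.group(1).equals("ExecOptionPermission")) {
                if (!validOptionName(name)) findings.add("invalid option name: " + name);
                else if (name.equals("*")) findings.add("any option allowed: " + name);
            } else if (broadCommand(name)) {
                findings.add("broad command grant: " + name);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample; the first and last grants are taken from the page.
        String policy = "grant {\n"
            + " permission com.sun.rmi.rmid.ExecPermission \"/files/apps/rmidcmds/*\";\n"
            + " permission com.sun.rmi.rmid.ExecPermission \"<<ALL FILES>>\";\n"
            + " permission com.sun.rmi.rmid.ExecOptionPermission \"-Da*b\";\n"
            + " permission com.sun.rmi.rmid.ExecOptionPermission \"*\";\n"
            + " permission com.sun.rmi.rmid.ExecOptionPermission \"-Dsun.rmi.*\";\n};\n";
        for (String f : lint(policy)) System.out.println(f);
    }
}
```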
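An added example of a <policyClassName> class, not code from the original manual page or the JDK: it accepts only the default java launcher with no CommandEnvironment options, and only an allowlist of property overrides. The class name AllowlistExecPolicy, the allowlist contents and the java.home/bin/java path layout are assumptions.

```java
import java.io.File;
import java.rmi.activation.ActivationGroupDesc;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

// Added example (hypothetical class name). Start rmid with
//   -J-Dsun.rmi.activation.execPolicy=AllowlistExecPolicy
public class AllowlistExecPolicy {
    // Assumed allowlist of property overrides a group may set.
    private static final Set<String> ALLOWED_PROPS = new HashSet<String>(
        Arrays.asList("java.security.policy", "java.security.debug"));

    // rmid requires a public no-argument constructor.
    public AllowlistExecPolicy() { }

    public void checkExecCommand(ActivationGroupDesc desc, String[] command)
            throws SecurityException {
        if (desc == null || command == null || command.length == 0) {
            throw new SecurityException("missing descriptor or command");
        }
        ActivationGroupDesc.CommandEnvironment env = desc.getCommandEnvironment();
        if (env != null) {
            // Only the default launcher (java under java.home) is accepted;
            // the bin/java layout is an assumption of this example.
            String path = env.getCommandPath();
            String dflt = System.getProperty("java.home")
                + File.separator + "bin" + File.separator + "java";
            if (path != null && !path.equals(dflt)) {
                throw new SecurityException("command not allowed: " + path);
            }
            // No extra options from the CommandEnvironment are accepted.
            String[] opts = env.getCommandOptions();
            if (opts != null && opts.length > 0) {
                throw new SecurityException("options not allowed: " + Arrays.toString(opts));
            }
        }
        Properties overrides = desc.getPropertyOverrides();
        if (overrides != null) {
            for (String key : overrides.stringPropertyNames()) {
                if (!ALLOWED_PROPS.contains(key)) {
                    throw new SecurityException("property not allowed: " + key);
                }
            }
        }
    }
}
```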
-log dir
Specifies the name of the directory the activation system daemon
uses to write its database and associated information. By default,
rmid creates a directory named log in the directory in which the
rmid command was executed.

-port port
Specifies the port rmid's registry uses. The activation system
daemon binds the ActivationSystem, with the name
java.rmi.activation.ActivationSystem, in this registry. Thus, the
ActivationSystem on the local machine can be obtained using the
following Naming.lookup method call:

    import java.rmi.*;
    import java.rmi.activation.*;

    ActivationSystem system;
    system = (ActivationSystem)
        Naming.lookup("//:port/java.rmi.activation.ActivationSystem");

-stop
Stops the current invocation of rmid, for a port specified by the
-port option. If no port is specified, it will stop the rmid
running on port 1098.

CLASSPATH
Used to provide the system a path to user-defined classes.
Directories are separated by colons. For example:

    .:/usr/local/java/classes

rmic(1), CLASSPATH at
http://docs.oracle.com/javase/7/docs/technotes/tools/index.html#classpath,
java(1)

16 Mar 2012                                                       rmid(1)