rmid(1) rmid(1)
NAME
rmid - RMI activation system daemon
SYNOPSIS
rmid [ options ]
DESCRIPTION
The rmid tool starts the activation system daemon. Before
activatable objects can be either registered with the
activation system or activated in a Java VM, the activa-
tion system daemon must be started. See the RMI Specifi-
cation and Activation Tutorials for details on how to
write programs that use activatable remote objects.
The daemon can be started by executing the rmid command,
and specifying a security policy file, as follows:
example% rmid -J-Djava.security.policy=rmid.policy
Note: When running Sun's implementation of rmid, by
default you will need to specify a security policy file so
that rmid can verify whether or not the information in
each ActivationGroupDesc is allowed to be used to launch a
JVM for an activation group. Specifically, the command
and options specified by the CommandEnvironment and any
Properties passed to an ActivationGroupDesc's constructor
must now be explicitly allowed in the security policy file
for rmid. The value of the sun.rmi.activation.execPolicy
property dictates the policy that rmid uses to determine
whether or not the information in an ActivationGroupDesc
may be used to launch a JVM for an activation group.
Executing rmid by default
o starts the Activator and an internal registry on
the default port, 1098, and
o binds an ActivationSystem to the name
java.rmi.activation.ActivationSystem in this
internal registry.
To specify an alternate port for the registry, you must
specify the -port option when starting up rmid. For exam-
ple,
rmid -J-Djava.security.policy=rmid.policy -port 1099
starts the activation system daemon and a registry on the
registry's default port, 1099.
OPTIONS
The following options are supported:
-CsomeCommandLineOption
Specifies an option that is passed as a command-
line argument to each child process (activation
group) of rmid when that process is created. For
example, you could pass a property to each Java
virtual machine spawned by the activation system
daemon:
rmid -C-Dsome.property=value
This ability to pass command-line arguments o child
processes can be useful for debugging. For exam-
ple, the following command:
rmid -C-Djava.rmi.server.logCalls=true
will enable server-call logging in all child JVMs.
-JsomeCommandLineOption
Specifies an option that is passed to the java
interpreter running rmid. For example, to specify
that rmid use a policy file named rmid.policy, the
-J option can be used to define the java.secu-
rity.policy property on rmid's command line. For
example:
rmid -J-Djava.security.policy=rmid.policy
-J-Dsun.rmi.activation.execPolicy=policy
Specifies the policy that rmid employs to check
commands and command-line options used to launch
the JVM in which an activation group runs. Please
note that this option exists only in Sun's imple-
mentation of the RMI activation daemon. If this
property is not specified on the command line, the
result is the same as if -J-Dsun.rmi.activa-
tion.execPolicy=default were specified. The possi-
ble values of policy can be default, policyClass-
Name, or none:
o default (or if this property is unspecified) The
default execPolicy allows rmid to execute com-
mands with specific command-line options only if
rmid has been granted permission to execute those
commands and options in the security policy file
that rmid uses. Only the default activation
group implementation can be used with the default
execution policy.
rmid launches a JVM for an activation group using
the information in the group's registered activa-
tion group descriptor, an ActivationGroupDesc.
The group descriptor specifies an optional Acti-
vationGroupDesc.CommandEnvironment which includes
the command to execute to start the activation
group as well as any command line options to be
added to the command line. By default, rmid uses
the java command found at ${JAVA_HOME}/bin/java.
The group descriptor also contains properties
overrides that are added to the command line as
options defined as:
-Dproperty=value
The permission com.sun.rmi.rmid.ExecPermission is
used to grant rmid permission to execute a com-
mand, specified in the group descriptor's Comman-
dEnvironment to launch an activation group. The
permission com.sun.rmi.rmid.ExecOptionPermission
is used to allow rmid to use command-line
options, specified as properties overrides in the
group descriptor or as options in the CommandEn-
vironment, when launching the activation group.
When granting rmid permission to execute various
commands and options, the permissions
ExecPermission and ExecOptionPermission need to
be granted universally (that is, granted to all
code sources).
ExecPermission
The ExecPermission class represents per-
mission for rmid to execute a specific
command to launch an activation group.
Syntax
The name of an ExecPermission is the path
name of a command to grant rmid permission
to execute. A path name that ends in "/*"
indicates all the files contained in that
directory (where "/" is the file-separator
character, File.separatorChar). A path
name that ends with "/-" indicates all
files and subdirectories contained in that
directory (recursively). A path name con-
sisting of the special token "<<ALL
FILES>>" matches any file.
Note: A path name consisting of a single
"*" indicates all the files in the current
directory, while a path name consisting of
a single "-" indicates all the files in
the current directory and (recursively)
all files and subdirectories contained in
the current directory.
ExecOptionPermission
The ExecOptionPermission class represents
permission for rmid to use a specific com-
mand-line option when launching an activa-
tion group. The name of an ExecOptionPer-
mission is the value of a command line
option.
Syntax
Options support a limited wildcard scheme.
An asterisk signifies a wildcard match,
and it may appear as the option name
itself (that is, it matches any option),
or an asterisk may appear at the end of
the option name only if the asterisk fol-
lows either a "." or "=".
For example: "*" or "-Dfoo.*" or
"-Da.b.c=*" is valid; "*foo" or "-Da*b" or
"ab*" is not.
Policy file for rmid
When granting rmid permission to execute various
commands and options, the permissions ExecPermis-
sion and ExecOptionPermission need to be granted
universally (that is, granted to all code
sources). It is safe to grant these permissions
universally because only rmid checks these per-
missions.
An example policy file that grants various exe-
cute permissions to rmid is:
grant {
permission com.sun.rmi.rmid.ExecPermission
"/files/apps/java/jdk1.2.2/solaris/bin/java";
permission com.sun.rmi.rmid.ExecPermission
"/files/apps/java/jdk1.2.2/solaris/bin/java_g";
permission com.sun.rmi.rmid.ExecPermission
"/files/apps/rmidcmds/*";
permission com.sun.rmi.rmid.ExecOptionPermission
"-Djava.security.policy=/files/policies/group.policy";
permission com.sun.rmi.rmid.ExecOptionPermission
"-Djava.security.debug=*";
permission com.sun.rmi.rmid.ExecOptionPermission
"-Dsun.rmi.*";
};
The first two permissions granted allow rmid to
execute the 1.2.2 version of the java and java_g
commands, specified by their explicit path names.
Note that by default, the version of the java
command found at ${JAVA_HOME}/bin/java is used
(the same one that rmid uses), and does not need
to be specified in the policy file. The third
permission allows rmid to execute any command in
the directory /files/apps/rmidcmds.
The fourth permission granted, an ExecOptionPer-
mission, allows rmid to launch an activation
group that defines the security policy file to be
/files/policies/group.policy. The next permis-
sion allows the java.security.debug property to
be used by an activation group. The last permis-
sion allows any property in the sun.rmi property
name hierarchy to be used by activation groups.
To start rmid with a policy file, the java.secu-
rity.policy property needs to be specified on
rmid's command line. For example:
rmid -J-Djava.security.policy=rmid.policy
o policyClassName
If the default behavior is not flexible enough,
an administrator can provide, when starting rmid,
the name of a class whose checkExecCommand method
is executed in order to check commands to be exe-
cuted by rmid.
The policyClassName specifies a public class with
a public, no-argument constructor and an imple-
mentation of the following checkExecCommand
method:
public void checkExecCommand(ActivationGroupDesc desc,
String[] command)
throws SecurityException;
Before launching an activation group, rmid calls
the policy's checkExecCommand method, passing it
the activation group descriptor and an array con-
taining the complete command to launch the acti-
vation group. If the checkExecCommand throws a
SecurityException, rmid will not launch the acti-
vation group and an ActivationException will be
thrown to the caller attempting to activate the
object.
o none
If the sun.rmi.activation.execPolicy property
value is "none", then rmid will not perform any
validation of commands to launch activation
groups.
-log dir
Specifies the name of the directory the activation
system daemon uses to write its database and asso-
ciated information. The log directory defaults to
creating a directory, log, in the directory in
which the rmid command was executed.
-port port
Specifies the port rmid's registry uses. The acti-
vation system daemon binds the ActivationSystem,
with the name java.rmi.activation.ActivationSystem,
in this registry. Thus, the ActivationSystem on
the local machine can be obtained using the follow-
ing Naming.lookup method call:
import java.rmi.*;
import java.rmi.activation.*;
ActivationSystem system;
system = (ActivationSystem)
Naming.lookup("//:port/java.rmi.activation.ActivationSystem");
-stop Stops the current invocation of rmid, for a port
specified by the -port option. If no port is spec-
ified, it will stop the rmid running on port 1098.
ENVIRONMENT VARIABLES
CLASSPATH Used to provide the system a path to
user-defined classes. Directories are
separated by colons. For example,
example% .:/Users/vlh/classes:/Users/Shared/classes
SEE ALSO
rmic(1)
See (or search java.sun.com) for the following:
Setting the Classpath @
http://java.sun.com/j2se/1.3/docs/tooldocs/solaris/class-
path.html
RMI Specification @
http://java.sun.com/j2se/1.3/docs/guide/rmi/spec/rmi-
TOC.doc.html
14 July 2000 rmid(1)