Manual Pages for UNIX Darwin command on man rmid

rmid(1) rmid(1)

NAME

rmid - RMI activation system daemon

SYNOPSIS

rrmmiidd [ options ]

DESCRIPTION

The rrmmiidd tool starts the activation system daemon. Before activatable

objects can be either registered with the activation system or acti-

vated in a Java VM, the activation system daemon must be started. See the RMI Specification and Activation Tutorials for details on how to write programs that use activatable remote objects. The daemon can be started by executing the rrmmiidd command, and specifying a security policy file, as follows:

eexxaammppllee%% rrmmiidd -JJ-DDjjaavvaa..sseeccuurriittyy..ppoolliiccyy==rrmmiidd..ppoolliiccyy

Note: When running Sun's implementation of rrmmiidd, by default you will need to specify a security policy file so that rrmmiidd ccaann vveerriiffyy wwhheetthheerr oorr nnoott tthhee iinnffoorrmmaattiioonn iinn eeaacchh AAccttiivvaattiioonnGGrroouuppDDeesscc is allowed to be

used to launch a JVM for an activation group. Specifically, the com-

mand and options specified by the CCoommmmaannddEEnnvviirroonnmmeenntt and any PPrrooppeerrttiieess passed to an AAccttiivvaattiioonnGGrroouuppDDeesscc's constructor must now be explicitly allowed in the security policy file for rrmmiidd. The value of the ssuunn..rrmmii..aaccttiivvaattiioonn..eexxeeccPPoolliiccyy property dictates the policy that rrmmiidd

uses to determine whether or not the information in an AAccttiivvaattiioonn-

GGrroouuppDDeesscc may be used to launch a JVM for an activation group. Executing rrmmiidd by default +o starts the Activator and an internal registry on the default port, 11009988, and

+o binds an AAccttiivvaattiioonnSSyysstteemm to the name jjaavvaa..rrmmii..aaccttiivvaa-

ttiioonn..AAccttiivvaattiioonnSSyysstteemm in this internal registry. To specify an alternate port for the registry, you must specify the

-ppoorrtt option when starting up rrmmiidd. For example,

rrmmiidd -JJ-DDjjaavvaa..sseeccuurriittyy..ppoolliiccyy==rrmmiidd..ppoolliiccyy -ppoorrtt 11009999

starts the activation system daemon and a registry on the registry's default port, 11009999. SSttaarrttiinngg rrmmiidd ffrroomm iinneettdd//xxiinneettdd

An alternative to starting rmid from the command line is to configure

inetd (Solaris) or xinetd (Linux) to start rmid on demand.

When rmid starts up, it attempts to obtain an inherited channel (inher-

ited from inetd/xinetd) by invoking the System.inheritedChannel method.

If the inherited channel is null, then rmid was started from the com-

mand line, and it starts up as described above.

If the inherited channel is not an instance of java.io.channels.Server-

SocketChannel, rmid exits.

If the inherited channel is a ServerSocketChannel instance, then rmid

uses the java.net.ServerSocket obtained from the ServerSocketChannel as the server socket that accepts requests for the remote objects it

exports, namely the registry in which the java.rmi.activation.Activa-

tionSystem is bound and the java.rmi.activation.Activator remote object.

The rmid tool, when started from inetd/xinetd, behaves the same as when

it is started from the command line, except: +o Output printed to System.err is redirected to a file. This file is located in the directory specified by the java.io.tmpdir system property (typically /var/tmp or /tmp) with the

prefix "rmid-err" and the suffix "tmp".

+o The -port option is disallowed. If this

option is specified, rmid will exit with an error message.

+o The -log option is required. If this option

is not specified, rmid will exit with an error message.

See the man pages for inetd (Solaris) or xinetd (Linux) for details on how to configure services to be started on demand. OOPPTTIIOONNSS

-CCsomeCommandLineOption

Specifies an option that is passed as a command-line argument to

each child process (activation group) of rrmmiidd when that process is created. For example, you could pass a property to each Java virtual machine spawned by the activation system daemon:

rrmmiidd -CC-DDssoommee..pprrooppeerrttyy==vvaalluuee

This ability to pass command-line arguments o child processes

can be useful for debugging. For example, the following com-

mand:

rrmmiidd -CC-DDjjaavvaa..rrmmii..sseerrvveerr..llooggCCaallllss==ttrruuee

will enable server-call logging in all child JVMs.

-JJsomeCommandLineOption

Specifies an option that is passed to the java interpreter run-

ning rrmmiidd. For example, to specify that rrmmiidd use a policy file

named rrmmiidd..ppoolliiccyy, the -JJ option can be used to define the

jjaavvaa..sseeccuurriittyy..ppoolliiccyy property on rrmmiidd's command line. For exam-

ple:

rrmmiidd -JJ-DDjjaavvaa..sseeccuurriittyy..ppoolliiccyy==rrmmiidd..ppoolliiccyy

-JJ-DDssuunn..rrmmii..aaccttiivvaattiioonn..eexxeeccPPoolliiccyy==policy

Specifies the policy that rrmmiidd employs to check commands and

command-line options used to launch the JVM in which an activa-

tion group runs. Please note that this option exists only in Sun's implementation of the RMI activation daemon. If this property is not specified on the command line, the result is the

same as if -JJ-DDssuunn..rrmmii..aaccttiivvaattiioonn..eexxeeccPPoolliiccyy==ddeeffaauulltt were speci-

fied. The possible values of policy can be ddeeffaauulltt, policy-

ClassName, or nnoonnee: +o default (or if this property is unspecified) The default

eexxeeccPPoolliiccyy allows rrmmiidd to execute commands with specific com-

mand-line options only if rrmmiidd has been granted permission to

execute those commands and options in the security policy file

that rrmmiidd uses. Only the default activation group implementa-

tion can be used with the default execution policy.

rrmmiidd launches a JVM for an activation group using the informa-

tion in the group's registered activation group descriptor, an AAccttiivvaattiioonnGGrroouuppDDeesscc. The group descriptor specifies an optional AAccttiivvaattiioonnGGrroouuppDDeesscc..CCoommmmaannddEEnnvviirroonnmmeenntt which includes the command to execute to start the activation group as well as any command line options to be added to the command line. By default, rrmmiidd uses the jjaavvaa command found in jjaavvaa..hhoommee. The group descriptor also contains properties overrides that are added to the command line as options defined as:

-DDproperty==value

The permission ccoomm..ssuunn..rrmmii..rrmmiidd..EExxeeccPPeerrmmiissssiioonn is used to grant rrmmiidd permission to execute a command, specified in the group descriptor's CCoommmmaannddEEnnvviirroonnmmeenntt to launch an activation

ru. h priso com.sun.rmi.rmid.ExecOptionPermission

is used to allow rrmmiidd to use command-line options, specified

as properties overrides in the group descriptor or as options in the CCoommmmaannddEEnnvviirroonnmmeenntt, when launching the activation group. When granting rrmmiidd permission to execute various commands and

pin, h prisos ExecPermission n ExecOptionPermis-

ssiioonn need to be granted universally (that is, granted to all code sources). EExxeeccPPeerrmmiissssiioonn The EExxeeccPPeerrmmiissssiioonn class represents permission for rrmmiidd to execute a specific command to launch an activation group. SSyynnttaaxx The name of an EExxeeccPPeerrmmiissssiioonn is the path name of a command to grant rrmmiidd permission to execute. A path

name that ends in "/*" indicates all the files con-

tained in that directory (where "/" is the file-separa-

tor character, FFiillee..sseeppaarraattoorrCChhaarr). A path name that

ends with "/-" indicates all files and subdirectories

contained in that directory (recursively). A path name consisting of the special token "<>" matches any file. NNoottee:: A path name consisting of a single "*" indicates all the files in the current directory, while a path

name consisting of a single "-" indicates all the files

in the current directory and (recursively) all files and subdirectories contained in the current directory. ExecOptionPermission h ExecOptionPermission cas ersns emsin

for rrmmiidd to use a specific command-line option when

launching an activation group. The name of an EExxeeccOOpp-

ttiioonnPPeerrmmiissssiioonn is the value of a command line option. SSyynnttaaxx Options support a limited wildcard scheme. An asterisk signifies a wildcard match, and it may appear as the option name itself (that is, it matches any option), or an asterisk may appear at the end of the option name only if the asterisk follows either a "." or "=".

For example: "*" or "-Dfoo.*" or "-Da.b.c=*" is valid;

"*foo" or "-Da*b" or "ab*" is not.

PPoolliiccyy ffiillee ffoorr rrmmiidd When granting rrmmiidd permission to execute various commands and

pin, h prisos ExecPermission n ExecOptionPermis-

ssiioonn need to be granted universally (that is, granted to all

code sources). It is safe to grant these permissions univer-

sally because only rrmmiidd checks these permissions. An example policy file that grants various execute permissions to rrmmiidd is: ggrraanntt {{ ppeerrmmiissssiioonn ccoomm..ssuunn..rrmmii..rrmmiidd..EExxeeccPPeerrmmiissssiioonn ""//ffiilleess//aappppss//jjaavvaa//jjddkk11..22..22//bbiinn//jjaavvaa"";; ppeerrmmiissssiioonn ccoomm..ssuunn..rrmmii..rrmmiidd..EExxeeccPPeerrmmiissssiioonn ""//ffiilleess//aappppss//rrmmiiddccmmddss//**"";;

permission com.sun.rmi.rmid.ExecOptionPermission

""-DDjjaavvaa..sseeccuurriittyy..ppoolliiccyy==//ffiilleess//ppoolliicciieess//ggrroouupp..ppoolliiccyy"";;

permission com.sun.rmi.rmid.ExecOptionPermission

""-DDjjaavvaa..sseeccuurriittyy..ddeebbuugg==**"";;

permission com.sun.rmi.rmid.ExecOptionPermission

""-DDssuunn..rrmmii..**"";;

}};; The first permission granted allow rrmmiidd to execute the 1.2.2 version of the jjaavvaa command, specified by its explicit path names. Note that by default, the version of the jjaavvaa command found in jjaavvaa..hhoommee is used (the same one that rrmmiidd uses), and does not need to be specified in the policy file. The third permission allows rrmmiidd to execute any command in the directory //ffiilleess//aappppss//rrmmiiddccmmddss. h fut priso gatd a ExecOptionPermission, los rrmmiidd to launch an activation group that defines the security

policy file to be //ffiilleess//ppoolliicciieess//ggrroouupp..ppoolliiccyy. The next per-

mission allows the jjaavvaa..sseeccuurriittyy..ddeebbuugg property to be used by an activation group. The last permission allows any property

in the ssuunn..rrmmii property name hierarchy to be used by activa-

tion groups. To start rrmmiidd with a policy file, the jjaavvaa..sseeccuurriittyy..ppoolliiccyy property needs to be specified on rrmmiidd's command line. For example:

rrmmiidd -JJ-DDjjaavvaa..sseeccuurriittyy..ppoolliiccyy==rrmmiidd..ppoolliiccyy

+o policyClassName

If the default behavior is not flexible enough, an administra-

tor can provide, when starting rrmmiidd, the name of a class whose cchheecckkEExxeeccCCoommmmaanndd method is executed in order to check commands to be executed by rrmmiidd. The ppoolliiccyyCCllaassssNNaammee specifies a public class with a public,

no-argument constructor and an implementation of the following

cchheecckkEExxeeccCCoommmmaanndd method: ppuubblliicc vvooiidd cchheecckkEExxeeccCCoommmmaanndd((AAccttiivvaattiioonnGGrroouuppDDeesscc ddeesscc,, SSttrriinngg[[]] ccoommmmaanndd)) tthhrroowwss SSeeccuurriittyyEExxcceeppttiioonn;; Before launching an activation group, rrmmiidd calls the policy's cchheecckkEExxeeccCCoommmmaanndd method, passing it the activation group descriptor and an array containing the complete command to launch the activation group. If the cchheecckkEExxeeccCCoommmmaanndd throws a SSeeccuurriittyyEExxcceeppttiioonn, rrmmiidd will not launch the activation group and an AAccttiivvaattiioonnEExxcceeppttiioonn will be thrown to the caller attempting to activate the object. +o nnoonnee If the ssuunn..rrmmii..aaccttiivvaattiioonn..eexxeeccPPoolliiccyy property value is "none", then rrmmiidd will not perform any validation of commands to launch activation groups.

-lloogg dir

Specifies the name of the directory the activation system daemon uses to write its database and associated information. The log

directory defaults to creating a directory, lloogg, in the direc-

tory in which the rrmmiidd command was executed.

-ppoorrtt port

Specifies the port rrmmiidd's registry uses. The activation system

daemon binds the AAccttiivvaattiioonnSSyysstteemm, with the name jjaavvaa..rrmmii..aaccttii-

vvaattiioonn..AAccttiivvaattiioonnSSyysstteemm, in this registry. Thus, the AAccttiivvaa-

ttiioonnSSyysstteemm on the local machine can be obtained using the fol-

lowing NNaammiinngg..llooookkuupp method call: iimmppoorrtt jjaavvaa..rrmmii..**;; iimmppoorrtt jjaavvaa..rrmmii..aaccttiivvaattiioonn..**;; AAccttiivvaattiioonnSSyysstteemm ssyysstteemm;; ssyysstteemm == ((AAccttiivvaattiioonnSSyysstteemm)) NNaammiinngg..llooookkuupp((""////::ppoorrtt//jjaavvaa..rrmmii..aaccttiivvaattiioonn..AAccttiivvaattiioonnSSyysstteemm""));;

-ssttoopp Stops the current invocation of rrmmiidd, for a port specified by

the -ppoorrtt option. If no port is specified, it will stop the

rrmmiidd running on port 11009988. ENVIRONMENT VARIABLES

CCLLAASSSSPPAATTHH Used to provide the system a path to user-defined

classes. Directories are separated by colons. For example,

eexxaammppllee%% ..:://uussrr//llooccaall//jjaavvaa//ccllaasssseess