1 .\" Copyright (c) 1994, 2019, Oracle and/or its affiliates. All rights reserved. 2 .\" DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3 .\" 4 .\" This code is free software; you can redistribute it and/or modify it 5 .\" under the terms of the GNU General Public License version 2 only, as 6 .\" published by the Free Software Foundation. 7 .\" 8 .\" This code is distributed in the hope that it will be useful, but WITHOUT 9 .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 11 .\" version 2 for more details (a copy is included in the LICENSE file that 12 .\" accompanied this code). 13 .\" 14 .\" You should have received a copy of the GNU General Public License version 15 .\" 2 along with this work; if not, write to the Free Software Foundation, 16 .\" Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 17 .\" 18 .\" Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 19 .\" or visit www.oracle.com if you need additional information or have any 20 .\" questions. 21 .\" 22 .\" Automatically generated by Pandoc 2.3.1 23 .\" 24 .TH "RMID" "1" "2020" "JDK 14" "JDK Commands" 25 .hy 26 .SH NAME 27 .PP 28 rmid \- start the activation system daemon that enables objects to be 29 registered and activated in a Java Virtual Machine (JVM) 30 .SH SYNOPSIS 31 .PP 32 \f[CB]rmid\f[R] [\f[I]options\f[R]] 33 .TP 34 .B \f[I]options\f[R] 35 This represent the command\-line options for the \f[CB]rmid\f[R] command. 36 See \f[B]Options for rmid\f[R]. 37 .RS 38 .RE 39 .SH DESCRIPTION 40 .PP 41 The \f[CB]rmid\f[R] command starts the activation system daemon. 42 The activation system daemon must be started before objects that can be 43 activated are either registered with the activation system or activated 44 in a JVM. 45 .PP 46 Start the daemon by executing the \f[CB]rmid\f[R] command and specifying a 47 security policy file, as follows: 48 .RS 49 .PP 50 \f[CB]rmid\ \-J\-Djava.security.policy=rmid.policy\f[R] 51 .RE 52 .PP 53 When you run Oracle\[aq]s implementation of the \f[CB]rmid\f[R] command, 54 by default you must specify a security policy file so that the 55 \f[CB]rmid\f[R] command can verify whether or not the information in each 56 \f[CB]ActivationGroupDesc\f[R] is allowed to be used to start a JVM for an 57 activation group. 58 Specifically, the command and options specified by the 59 \f[CB]CommandEnvironment\f[R] and any properties passed to an 60 \f[CB]ActivationGroupDesc\f[R] constructor must now be explicitly allowed 61 in the security policy file for the \f[CB]rmid\f[R] command. 62 The value of the \f[CB]sun.rmi.activation.execPolicy\f[R] property 63 dictates the policy that the \f[CB]rmid\f[R] command uses to determine 64 whether or not the information in an \f[CB]ActivationGroupDesc\f[R] can be 65 used to start a JVM for an activation group. 66 For more information see the description of the 67 \f[CB]\-J\-Dsun.rmi.activation.execPolicy=policy\f[R] option. 68 .PP 69 Executing the \f[CB]rmid\f[R] command starts the \f[CB]Activator\f[R] and an 70 internal registry on the default port 1098 and binds an 71 \f[CB]ActivationSystem\f[R] to the name 72 \f[CB]java.rmi.activation.ActivationSystem\f[R] in this internal registry. 73 .PP 74 To specify an alternate port for the registry, you must specify the 75 \f[CB]\-port\f[R] option when you execute the \f[CB]rmid\f[R] command. 76 For example, the following command starts the activation system daemon 77 and a registry on the registry\[aq]s default port, 1099. 78 .RS 79 .PP 80 \f[CB]rmid\ \-J\-Djava.security.policy=rmid.policy\ \-port\ 1099\f[R] 81 .RE 82 .SH START RMID ON DEMAND (ORACLE SOLARIS AND LINUX ONLY) 83 .PP 84 An alternative to starting \f[CB]rmid\f[R] from the command line is to 85 configure \f[CB]inetd\f[R] (Oracle Solaris) or \f[CB]xinetd\f[R] (Linux) to 86 start \f[CB]rmid\f[R] on demand. 87 .PP 88 When RMID starts, it attempts to obtain an inherited channel (inherited 89 from \f[CB]inetd\f[R]/\f[CB]xinetd\f[R]) by calling the 90 \f[CB]System.inheritedChannel\f[R] method. 91 If the inherited channel is null or not an instance of 92 \f[CB]java.nio.channels.ServerSocketChannel\f[R], then RMID assumes that 93 it wasn\[aq]t started by \f[CB]inetd\f[R]/\f[CB]xinetd\f[R], and it starts 94 as previously described. 95 .PP 96 If the inherited channel is a \f[CB]ServerSocketChannel\f[R] instance, 97 then RMID uses the \f[CB]java.net.ServerSocket\f[R] obtained from the 98 \f[CB]ServerSocketChannel\f[R] as the server socket that accepts requests 99 for the remote objects it exports: The registry in which the 100 \f[CB]java.rmi.activation.ActivationSystem\f[R] is bound and the 101 \f[CB]java.rmi.activation.Activator\f[R] remote object. 102 In this mode, RMID behaves the same as when it is started from the 103 command line, except in the following cases: 104 .IP \[bu] 2 105 Output printed to \f[CB]System.err\f[R] is redirected to a file. 106 This file is located in the directory specified by the 107 \f[CB]java.io.tmpdir\f[R] system property (typically \f[CB]/var/tmp\f[R] or 108 \f[CB]/tmp\f[R]) with the prefix \f[CB]rmid\-err\f[R] and the suffix 109 \f[CB]tmp\f[R]. 110 .IP \[bu] 2 111 The \f[CB]\-port\f[R] option isn\[aq]t allowed. 112 If this option is specified, then RMID exits with an error message. 113 .IP \[bu] 2 114 The \f[CB]\-log\f[R] option is required. 115 If this option isn\[aq]t specified, then RMID exits with an error 116 message 117 .SH OPTIONS FOR RMID 118 .TP 119 .B \f[CB]\-C\f[R]\f[I]option\f[R] 120 Specifies an option that\[aq]s passed as a command\-line argument to 121 each child process (activation group) of the \f[CB]rmid\f[R] command when 122 that process is created. 123 For example, you could pass a property to each virtual machine spawned 124 by the activation system daemon: 125 .RS 126 .RS 127 .PP 128 \f[CB]rmid\ \-C\-Dsome.property=value\f[R] 129 .RE 130 .PP 131 This ability to pass command\-line arguments to child processes can be 132 useful for debugging. 133 For example, the following command enables server\-call logging in all 134 child JVMs. 135 .RS 136 .PP 137 \f[CB]rmid\ \-C\-Djava.rmi.server.logCalls=true\f[R] 138 .RE 139 .RE 140 .TP 141 .B \f[CB]\-J\f[R]\f[I]option\f[R] 142 Specifies an option that\[aq]s passed to the Java interpreter running 143 RMID command. 144 For example, to specify that the \f[CB]rmid\f[R] command use a policy file 145 named \f[CB]rmid.policy\f[R], the \f[CB]\-J\f[R] option can be used to 146 define the \f[CB]java.security.policy\f[R] property on the \f[CB]rmid\f[R] 147 command line, for example: 148 .RS 149 .RS 150 .PP 151 \f[CB]rmid\ \-J\-Djava.security.policy\-rmid.policy\f[R] 152 .RE 153 .RE 154 .TP 155 .B \f[CB]\-J\-Dsun.rmi.activation.execPolicy=\f[R]\f[I]policy\f[R] 156 Specifies the policy that the RMID command employs to check commands and 157 command\-line options used to start the JVM in which an activation group 158 runs. 159 This option exists only in Oracle\[aq]s implementation of the Java RMI 160 activation daemon. 161 If this property isn\[aq]t specified on the command line, then the 162 result is the same as though 163 \f[CB]\-J\-Dsun.rmi.activation.execPolicy=default\f[R] were specified. 164 .RS 165 .PP 166 The possible values of \f[I]policy\f[R] can be \f[CB]default\f[R], 167 \f[I]policyClassName\f[R], or \f[CB]none\f[R]. 168 .IP \[bu] 2 169 \f[CB]default\f[R] 170 .RS 2 171 .PP 172 The \f[CB]default\f[R] or unspecified value \f[CB]execPolicy\f[R] allows the 173 \f[CB]rmid\f[R] command to execute commands with specific command\-line 174 options only when the \f[CB]rmid\f[R] command was granted permission to 175 execute those commands and options in the security policy file that the 176 \f[CB]rmid\f[R] command uses. 177 Only the default activation group implementation can be used with the 178 default execution policy. 179 .PP 180 The \f[CB]rmid\f[R] command starts a JVM for an activation group with the 181 information in the group\[aq]s registered activation group descriptor, 182 \f[CB]ActivationGroupDesc\f[R]. 183 The group descriptor specifies an optional 184 \f[CB]ActivationGroupDesc.CommandEnvironment\f[R] that includes the 185 command to execute to start the activation group and any command\-line 186 options to be added to the command line. 187 By default, the \f[CB]rmid\f[R] command uses the \f[CB]java\f[R] command 188 found in \f[CB]java.home\f[R]. 189 The group descriptor also contains properties overrides that are added 190 to the command line as options defined as: 191 \f[CB]\-D\f[R]\f[I]property\f[R]\f[CB]=\f[R]\f[I]value\f[R]. 192 The \f[CB]com.sun.rmi.rmid.ExecPermission\f[R] permission grants the 193 \f[CB]rmid\f[R] command permission to execute a command that\[aq]s 194 specified in the group descriptor\[aq]s \f[CB]CommandEnvironment\f[R] to 195 start an activation group. 196 The \f[CB]com.sun.rmi.rmid.ExecOptionPermission\f[R] permission enables 197 the \f[CB]rmid\f[R] command to use command\-line options, specified as 198 properties overrides in the group descriptor or as options in the 199 \f[CB]CommandEnvironment\f[R] when starting the activation group. 200 When granting the \f[CB]rmid\f[R] command permission to execute various 201 commands and options, the permissions \f[CB]ExecPermission\f[R] and 202 \f[CB]ExecOptionPermission\f[R] must be granted to all code sources. 203 .PP 204 \f[CB]ExecPermission\f[R] class: Represents permission for the 205 \f[CB]rmid\f[R] command to execute a specific command to start an 206 activation group. 207 .PP 208 \f[CB]ExecPermission\f[R] syntax: The name of \f[CB]ExecPermission\f[R] is 209 the path name of a command to grant the \f[CB]rmid\f[R] command permission 210 to execute. 211 .PP 212 A path name that ends in a slash (\f[CB]/\f[R]) and an asterisk 213 (\f[CB]*\f[R]) indicates that all of the files are contained in that 214 directory where the slash is the file\-separator character, 215 \f[CB]File.separatorChar\f[R]. 216 .PP 217 A path name that ends in a slash (\f[CB]/\f[R]) and a minus sign 218 (\f[CB]\-\f[R]) indicates that all files and subdirectories are contained 219 in that directory (recursively). 220 .PP 221 A path name that consists of the special token \f[CB]<<ALL\ FILES>>\f[R] 222 matches any file. 223 .PP 224 A path name that consists of an asterisk (\f[CB]*\f[R]) indicates that all 225 the files are in the current directory. 226 .PP 227 A path name that consists of a minus sign (\f[CB]\-\f[R]) indicates that 228 all the files are in the current directory and (recursively) all files 229 and subdirectories are contained in the current directory. 230 .PP 231 \f[CB]ExecOptionPermission\f[R] class: Represents permission for the 232 \f[CB]rmid\f[R] command to use a specific command\-line option when 233 starting an activation group. 234 The name of \f[CB]ExecOptionPermission\f[R] is the value of a 235 command\-line option. 236 .PP 237 \f[CB]ExecOptionPermission\f[R] syntax: Options support a limited wild 238 card scheme. 239 An asterisk signifies a wild card match, and it can appear as the option 240 name itself (matches any option), or an asterisk (*) can appear at the 241 end of the option name only when the asterisk (\f[CB]*\f[R]) follows a dot 242 (\f[CB]\&.\f[R]) or an equals sign (\f[CB]=\f[R]). 243 .PP 244 For example: \f[CB]*\f[R] or \f[CB]\-Dmydir.*\f[R] or \f[CB]\-Da.b.c=*\f[R] is 245 valid, but \f[CB]*mydir\f[R] or \f[CB]\-Da*b\f[R] or \f[CB]ab*\f[R] isn\[aq]t 246 valid. 247 .PP 248 \f[B]Policy file for rmid\f[R] 249 .PP 250 When you grant the \f[CB]rmid\f[R] command permission to execute various 251 commands and options, the permissions \f[CB]ExecPermission\f[R] and 252 \f[CB]ExecOptionPermission\f[R] must be granted to all code sources 253 (universally). 254 It is safe to grant these permissions universally because only the 255 \f[CB]rmid\f[R] command checks these permissions. 256 .PP 257 An example policy file that grants various execute permissions to the 258 \f[CB]rmid\f[R] command is: 259 .IP \[bu] 2 260 \f[B]Oracle Solaris:\f[R] 261 .RS 2 262 .IP 263 .nf 264 \f[CB] 265 grant\ { 266 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 267 \ \ \ \ \ \ \ \ "/files/apps/java/jdk1.7.0/solaris/bin/java"; 268 269 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 270 \ \ \ \ \ \ \ \ "/files/apps/rmidcmds/*"; 271 272 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 273 \ \ \ \ \ \ \ \ "\-Djava.security.policy=/files/policies/group.policy"; 274 275 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 276 \ \ \ \ \ \ \ \ "\-Djava.security.debug=*"; 277 278 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 279 \ \ \ \ \ \ \ \ "\-Dsun.rmi.*"; 280 }; 281 \f[R] 282 .fi 283 .RE 284 .IP \[bu] 2 285 \f[B]Windows:\f[R] 286 .RS 2 287 .IP 288 .nf 289 \f[CB] 290 grant\ { 291 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 292 \ \ \ \ \ \ \ \ "c:\\\\files\\\\apps\\\\java\\\\jdk1.7.0\\\\win\\\\bin\\\\java"; 293 294 \ \ \ \ permission\ com.sun.rmi.rmid.ExecPermission 295 \ \ \ \ \ \ \ \ "c:\\\\files\\\\apps\\\\rmidcmds\\\\*"; 296 297 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 298 \ \ \ \ \ \ \ \ "\-Djava.security.policy=c:\\\\files\\\\policies\\\\group.policy"; 299 300 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 301 \ \ \ \ \ \ \ \ "\-Djava.security.debug=*"; 302 303 \ \ \ \ permission\ com.sun.rmi.rmid.ExecOptionPermission 304 \ \ \ \ \ \ \ \ "\-Dsun.rmi.*"; 305 }; 306 \f[R] 307 .fi 308 .RE 309 .PP 310 The first permission granted allows the \f[CB]rmid\f[R] command to execute 311 the 1.7.0 release of the \f[CB]java\f[R] command, specified by its 312 explicit path name. 313 By default, the version of the \f[CB]java\f[R] command found in 314 \f[CB]java.home\f[R] is used (the same one that the \f[CB]rmid\f[R] command 315 uses), and doesn\[aq]t need to be specified in the policy file. 316 The second permission allows the \f[CB]rmid\f[R] command to execute any 317 command in either the directory \f[CB]/files/apps/rmidcmds\f[R] (Oracle 318 Solaris, Linux, and macOS) or the directory 319 \f[CB]c:\\files\\apps\\rmidcmds\\\f[R] (Windows). 320 .PP 321 The third permission granted, \f[CB]ExecOptionPermission\f[R], allows the 322 \f[CB]rmid\f[R] command to start an activation group that defines the 323 security policy file to be either \f[CB]/files/policies/group.policy\f[R] 324 (Oracle Solaris) or \f[CB]c:\\files\\policies\\group.policy\f[R] 325 (Windows). 326 The next permission allows the \f[CB]java.security.debug\ property\f[R] to 327 be used by an activation group. 328 The last permission allows any property in the 329 \f[CB]sun.rmi\ property\f[R] name hierarchy to be used by activation 330 groups. 331 .PP 332 To start the \f[CB]rmid\f[R] command with a policy file, the 333 \f[CB]java.security.policy\f[R] property needs to be specified on the 334 \f[CB]rmid\f[R] command line, for example: 335 .PP 336 \f[CB]rmid\ \-J\-Djava.security.policy=rmid.policy\f[R]. 337 .RE 338 .IP \[bu] 2 339 \f[I]policyClassName\f[R] 340 .RS 2 341 .PP 342 If the default behavior isn\[aq]t flexible enough, then an administrator 343 can provide, when starting the \f[CB]rmid\f[R] command, the name of a 344 class whose \f[CB]checkExecCommand\f[R] method is executed to check 345 commands to be executed by the \f[CB]rmid\f[R] command. 346 .PP 347 The \f[CB]policyClassName\f[R] specifies a public class with a public, 348 no\-argument constructor and an implementation of the following 349 \f[CB]checkExecCommand\f[R] method: 350 .IP 351 .nf 352 \f[CB] 353 \ public\ void\ checkExecCommand(ActivationGroupDesc\ desc,\ String[]\ command) 354 \ \ \ \ \ \ \ \ throws\ SecurityException; 355 \f[R] 356 .fi 357 .PP 358 Before starting an activation group, the \f[CB]rmid\f[R] command calls the 359 policy\[aq]s \f[CB]checkExecCommand\f[R] method and passes to it the 360 activation group descriptor and an array that contains the complete 361 command to start the activation group. 362 If the \f[CB]checkExecCommand\f[R] throws a \f[CB]SecurityException\f[R], 363 then the \f[CB]rmid\f[R] command doesn\[aq]t start the activation group 364 and an \f[CB]ActivationException\f[R] is thrown to the caller attempting 365 to activate the object. 366 .RE 367 .IP \[bu] 2 368 \f[CB]none\f[R] 369 .RS 2 370 .PP 371 If the \f[CB]sun.rmi.activation.execPolicy\f[R] property value is 372 \f[CB]none\f[R], then the \f[CB]rmid\f[R] command doesn\[aq]t perform any 373 validation of commands to start activation groups. 374 .RE 375 .RE 376 .TP 377 .B \f[CB]\-log\f[R] \f[I]dir\f[R] 378 Specifies the name of the directory that the activation system daemon 379 uses to write its database and associated information. 380 The log directory defaults to creating a log, in the directory in which 381 the \f[CB]rmid\f[R] command was executed. 382 .RS 383 .RE 384 .TP 385 .B \f[CB]\-port\f[R] \f[I]port\f[R] 386 Specifies the port that the registry uses. 387 The activation system daemon binds \f[CB]ActivationSystem\f[R], with the 388 name \f[CB]java.rmi.activation.ActivationSystem\f[R], in this registry. 389 The \f[CB]ActivationSystem\f[R] on the local machine can be obtained using 390 the following \f[CB]Naming.lookup\f[R] method call: 391 .RS 392 .IP 393 .nf 394 \f[CB] 395 import\ java.rmi.*; 396 import\ java.rmi.activation.*; 397 398 ActivationSystem\ system;\ system\ =\ (ActivationSystem) 399 Naming.lookup("//:port/java.rmi.activation.ActivationSystem"); 400 \f[R] 401 .fi 402 .RE 403 .TP 404 .B \f[CB]\-stop\f[R] 405 Stops the current invocation of the \f[CB]rmid\f[R] command for a port 406 specified by the \f[CB]\-port\f[R] option. 407 If no port is specified, then this option stops the \f[CB]rmid\f[R] 408 invocation running on port 1098. 409 .RS 410 .RE