Hi Chris, I got your point.
Actually, this service for us is a core service of our product, which control several core servers on it. But, we will Definity see the options to unblock the dependency as you said. Regards Rajib -----Original Message----- From: Christopher Schultz <ch...@christopherschultz.net> Sent: 27 February 2024 19:51 To: users@tomcat.apache.org Subject: Re: Need help for a problem on migrating from Tomcat-8 to Tomcat-9 [You don't often get email from ch...@christopherschultz.net. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Rajib, On 2/26/24 23:43, Saha, Rajib wrote: > Hi Mark, > > Thanks for your explanation and suggestion. > For my use case, I have used the below option and its working fine. > ============================= > --ServiceUser="LocalSystem" > ============================= > > Thank you very much for showing the way. 😊 I'm glad you got your service working. But. Your next task should be to determine why you need to run your service as (essentially) local-Administrator and fix it so you don't have to. Anyone who is able to take control of your application will have complete control of the local machine. This is a huge red-flag from a security standpoint. -chris > -----Original Message----- > From: Mark Thomas <ma...@apache.org> > Sent: 26 February 2024 14:23 > To: users@tomcat.apache.org > Subject: Re: Need help for a problem on migrating from Tomcat-8 to Tomcat-9 > > [You don't often get email from ma...@apache.org. Learn why this is important > at https://aka.ms/LearnAboutSenderIdentification ] > > On 26/02/2024 06:11, Saha, Rajib wrote: >> Hi Experts, >> >> In our product, we are using Tomcat [OriginalFileName: prunsrv.exe] for >> creating a service[Say, Service-A]. It's a huge product running in market >> for last 20 years. >> We are in progress of moving from Tomcat-8 to tomcat-9. >> >> When we are creating the Service-A with Tomcat-8 [tomcat8.exe]. In >> "Services" desktop app, we can see the service is created with "Local >> System" in "Log On as". >> When we are creating the Service-A with Tomcat-9 [tomcat9.exe]. in >> "Services" desktop app, we can see the service is created with "Local >> service" in "Log On as". >> >> Looks like "Local service" has less power than "Local System". >> Due to it, Service-A created with Tomcat-9 failing for several operation >> inside product. > > That should be a security concern. Local System is broadly equivalent to > local administrator. You generally don't want to be running Tomcat under > Local System. > >> Can somebody suggest, how we can create a service with tomcat-9, with the >> privilege of "Local System"? > > Have you looked at the documentation? > > https://tomcat.apache.org/tomcat-9.0-doc/windows-service-howto.html > > Look for "--ServiceUser" > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org