[ https://issues.apache.org/jira/browse/DAEMON-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17637393#comment-17637393 ]
Mark Thomas commented on DAEMON-450: ------------------------------------ The original report was for Windows 7 which is no longer supported. This behaviour is not observed with a fully patched Windows 8.1 or fully patched Windows 10. I can repeat this with Windows Server 2012. I'll take a look at the proposed patch. > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs > ------------------------------------------------------------------------------------- > > Key: DAEMON-450 > URL: https://issues.apache.org/jira/browse/DAEMON-450 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv > Affects Versions: 1.3.2 > Environment: Windows 7 SP1 x64 > Apache Tomcat 9.0.69 x86 (zip-dist) > > Reporter: Norimasa Yamamoto > Priority: Major > > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs. > Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell). > > ren logs logs1 > > md logs > > icacls logs > logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9 > : (...after 1000-2000 times...) > [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT > AUTHORITY\LocalService' write permissions to log path > '<full/path/to/tomcat9>\logs' due to error '1340: The inherited access > control list (ACL) or access control entry (ACE) could not be built.' > : > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > : > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) -- This message was sent by Atlassian Jira (v8.20.10#820010)