[jira] [Commented] (DAEMON-450) Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
[ https://issues.apache.org/jira/browse/DAEMON-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17638429#comment-17638429 ] Norimasa Yamamoto commented on DAEMON-450: -- I red the diff. It will be missing the NULL iinitialization for doing ”cleanup” block. Sorry if you were already fixed. > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs > - > > Key: DAEMON-450 > URL: https://issues.apache.org/jira/browse/DAEMON-450 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv >Affects Versions: 1.3.2 > Environment: Windows 7 SP1 x64 > Apache Tomcat 9.0.69 x86 (zip-dist) > >Reporter: Norimasa Yamamoto >Priority: Major > Fix For: 1.3.3 > > > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs. > Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell). > > ren logs logs1 > > md logs > > icacls logs > logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9 > : (...after 1000-2000 times...) > [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT > AUTHORITY\LocalService' write permissions to log path > '\logs' due to error '1340: The inherited access > control list (ACL) or access control entry (ACE) could not be built.' > : > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > : > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (DAEMON-450) Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
[ https://issues.apache.org/jira/browse/DAEMON-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637016#comment-17637016 ] Norimasa Yamamoto edited comment on DAEMON-450 at 11/22/22 6:36 AM: Easy fix for above. (only changing GRANT_ACCESS to SET_ACCESS in src\native\windows\src\security.c) However, still have two leaks at GetNamedSecurityInfoW's pSD and SetEntriesInAcl's pNewDACL. They will need to free by LocalFree. see C++ sample. [https://learn.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c--] {code:java} --- security.c Sun Sep 18 13:49:42 2022 +++ security.c Tue Nov 22 14:15:13 2022 @@ -81,5 +81,5 @@ ZeroMemory(, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_EXECUTE + GENERIC_READ + GENERIC_WRITE; - ea.grfAccessMode = GRANT_ACCESS; + ea.grfAccessMode = SET_ACCESS; ea.grfInheritance = CONTAINER_INHERIT_ACE + OBJECT_INHERIT_ACE; ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;{code} was (Author: JIRAUSER298397): Easy fix for above. (only changing GRANT_ACCESS to SET_ACCESS in src\native\windows\src\security.c) However, still have two leaks at GetNamedSecurityInfoW's pSD and SetEntriesInAcl's pNewDACL. They will need to free by LocalFree. see C++ sample. [https://learn.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c--] --- security.c Sun Sep 18 13:49:42 2022 +++ security.c Tue Nov 22 14:15:13 2022 @@ -81,5 +81,5 @@ ZeroMemory(, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_EXECUTE + GENERIC_READ + GENERIC_WRITE; - ea.grfAccessMode = GRANT_ACCESS; + ea.grfAccessMode = SET_ACCESS; ea.grfInheritance = CONTAINER_INHERIT_ACE + OBJECT_INHERIT_ACE; ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs > - > > Key: DAEMON-450 > URL: https://issues.apache.org/jira/browse/DAEMON-450 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv >Affects Versions: 1.3.2 > Environment: Windows 7 SP1 x64 > Apache Tomcat 9.0.69 x86 (zip-dist) > >Reporter: Norimasa Yamamoto >Priority: Major > > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs. > Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell). > > ren logs logs1 > > md logs > > icacls logs > logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9 > : (...after 1000-2000 times...) > [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT > AUTHORITY\LocalService' write permissions to log path > '\logs' due to error '1340: The inherited access > control list (ACL) or access control entry (ACE) could not be built.' > : > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > : > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (DAEMON-450) Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
[ https://issues.apache.org/jira/browse/DAEMON-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637016#comment-17637016 ] Norimasa Yamamoto edited comment on DAEMON-450 at 11/22/22 6:33 AM: Easy fix for above. (only changing GRANT_ACCESS to SET_ACCESS in src\native\windows\src\security.c) However, still have two leaks at GetNamedSecurityInfoW's pSD and SetEntriesInAcl's pNewDACL. They will need to free by LocalFree. see C++ sample. [https://learn.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c--] --- security.c Sun Sep 18 13:49:42 2022 +++ security.c Tue Nov 22 14:15:13 2022 @@ -81,5 +81,5 @@ ZeroMemory(, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_EXECUTE + GENERIC_READ + GENERIC_WRITE; - ea.grfAccessMode = GRANT_ACCESS; + ea.grfAccessMode = SET_ACCESS; ea.grfInheritance = CONTAINER_INHERIT_ACE + OBJECT_INHERIT_ACE; ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; was (Author: JIRAUSER298397): Easy fix for above. (only changing GRANT_ACCESS to SET_ACCESS in src\native\windows\src\security.c) However, still have two leaks at GetNamedSecurityInfoW's pSD and SetEntriesInAcl's pNewDACL. They will need to free by LocalFree. see C++ sample. https://learn.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c-- --- security.c Sun Sep 18 13:49:42 2022 +++ security.c Tue Nov 22 14:15:13 2022 @@ -81,5 +81,5 @@ ZeroMemory(, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_EXECUTE + GENERIC_READ + GENERIC_WRITE; -ea.grfAccessMode = GRANT_ACCESS; +ea.grfAccessMode = SET_ACCESS; ea.grfInheritance = CONTAINER_INHERIT_ACE + OBJECT_INHERIT_ACE; ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs > - > > Key: DAEMON-450 > URL: https://issues.apache.org/jira/browse/DAEMON-450 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv >Affects Versions: 1.3.2 > Environment: Windows 7 SP1 x64 > Apache Tomcat 9.0.69 x86 (zip-dist) > >Reporter: Norimasa Yamamoto >Priority: Major > > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs. > Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell). > > ren logs logs1 > > md logs > > icacls logs > logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9 > : (...after 1000-2000 times...) > [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT > AUTHORITY\LocalService' write permissions to log path > '\logs' due to error '1340: The inherited access > control list (ACL) or access control entry (ACE) could not be built.' > : > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > : > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (DAEMON-450) Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
[ https://issues.apache.org/jira/browse/DAEMON-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17637016#comment-17637016 ] Norimasa Yamamoto commented on DAEMON-450: -- Easy fix for above. (only changing GRANT_ACCESS to SET_ACCESS in src\native\windows\src\security.c) However, still have two leaks at GetNamedSecurityInfoW's pSD and SetEntriesInAcl's pNewDACL. They will need to free by LocalFree. see C++ sample. https://learn.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c-- --- security.c Sun Sep 18 13:49:42 2022 +++ security.c Tue Nov 22 14:15:13 2022 @@ -81,5 +81,5 @@ ZeroMemory(, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_EXECUTE + GENERIC_READ + GENERIC_WRITE; -ea.grfAccessMode = GRANT_ACCESS; +ea.grfAccessMode = SET_ACCESS; ea.grfInheritance = CONTAINER_INHERIT_ACE + OBJECT_INHERIT_ACE; ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs > - > > Key: DAEMON-450 > URL: https://issues.apache.org/jira/browse/DAEMON-450 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv >Affects Versions: 1.3.2 > Environment: Windows 7 SP1 x64 > Apache Tomcat 9.0.69 x86 (zip-dist) > >Reporter: Norimasa Yamamoto >Priority: Major > > Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted > two ACLs. > Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell). > > ren logs logs1 > > md logs > > icacls logs > logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > bin\tomcat9.exe //US/Tomcat9 > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) > > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9 > : (...after 1000-2000 times...) > [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT > AUTHORITY\LocalService' write permissions to log path > '\logs' due to error '1340: The inherited access > control list (ACL) or access control entry (ACE) could not be built.' > : > > icacls logs > logs NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\LOCAL SERVICE:(RX,W) > : > NT AUTHORITY\LOCAL SERVICE:(RX,W) > NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) > NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) > NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) > BUILTIN\Administrators:(I)(OI)(CI)(F) > BUILTIN\Users:(I)(OI)(CI)(M) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (DAEMON-450) Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
Norimasa Yamamoto created DAEMON-450: Summary: Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs Key: DAEMON-450 URL: https://issues.apache.org/jira/browse/DAEMON-450 Project: Commons Daemon Issue Type: Bug Components: prunsrv Affects Versions: 1.3.2 Environment: Windows 7 SP1 x64 Apache Tomcat 9.0.69 x86 (zip-dist) Reporter: Norimasa Yamamoto Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs. Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell). > ren logs logs1 > md logs > icacls logs logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) BUILTIN\Users:(I)(OI)(CI)(M) > bin\tomcat9.exe //US/Tomcat9 > icacls logs logs NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) BUILTIN\Users:(I)(OI)(CI)(M) > bin\tomcat9.exe //US/Tomcat9 > icacls logs logs NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) BUILTIN\Users:(I)(OI)(CI)(M) > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9 : (...after 1000-2000 times...) [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT AUTHORITY\LocalService' write permissions to log path '\logs' due to error '1340: The inherited access control list (ACL) or access control entry (ACE) could not be built.' : > icacls logs logs NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\LOCAL SERVICE:(RX,W) : NT AUTHORITY\LOCAL SERVICE:(RX,W) NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) BUILTIN\Users:(I)(OI)(CI)(M) -- This message was sent by Atlassian Jira (v8.20.10#820010)