Rajib,
On 2/26/24 23:43, Saha, Rajib wrote:
Hi Mark,
Thanks for your explanation and suggestion.
For my use case, I have used the below option and its working fine.
=============================
--ServiceUser="LocalSystem"
=============================
Thank you very much for showing the way. 😊
I'm glad you got your service working.
But.
Your next task should be to determine why you need to run your service
as (essentially) local-Administrator and fix it so you don't have to.
Anyone who is able to take control of your application will have
complete control of the local machine.
This is a huge red-flag from a security standpoint.
-chris
-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: 26 February 2024 14:23
To: users@tomcat.apache.org
Subject: Re: Need help for a problem on migrating from Tomcat-8 to Tomcat-9
[You don't often get email from ma...@apache.org. Learn why this is important
at https://aka.ms/LearnAboutSenderIdentification ]
On 26/02/2024 06:11, Saha, Rajib wrote:
Hi Experts,
In our product, we are using Tomcat [OriginalFileName: prunsrv.exe] for
creating a service[Say, Service-A]. It's a huge product running in market for
last 20 years.
We are in progress of moving from Tomcat-8 to tomcat-9.
When we are creating the Service-A with Tomcat-8 [tomcat8.exe]. In "Services" desktop app, we can
see the service is created with "Local System" in "Log On as".
When we are creating the Service-A with Tomcat-9 [tomcat9.exe]. in "Services" desktop app, we can
see the service is created with "Local service" in "Log On as".
Looks like "Local service" has less power than "Local System".
Due to it, Service-A created with Tomcat-9 failing for several operation inside
product.
That should be a security concern. Local System is broadly equivalent to
local administrator. You generally don't want to be running Tomcat under
Local System.
Can somebody suggest, how we can create a service with tomcat-9, with the privilege of
"Local System"?
Have you looked at the documentation?
https://tomcat.apache.org/tomcat-9.0-doc/windows-service-howto.html
Look for "--ServiceUser"
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org