https://bz.apache.org/bugzilla/show_bug.cgi?id=55969
joony kohe changed:
What|Removed |Added
Keywords|FixedInTrunk|
OS||Windows 8
--- Comment #6 from joony kohe ---
The origins of the information on this site may be internal or external to
Progress Software Corporation (“Progress”). Progress Software Corporation makes
all reasonable efforts to verify this information. However, the information
provided is for your information only. Progress Software Corporation makes no
explicit or implied claims to the validity of this information.(In reply to
Konstantin Preißer from comment #0)
> Hi,
>
> as discussed on the Tomcat Users List [1], I'd like to propose the following
> enhancements to the Windows Installer (explanations are below):
>
>
> 1. Provide an option to automatically adjust file permissions (ACLs) of the
> Tomcat installation directory so that only the Windows user under which the
> Tomcat service runs (see 2.) has full access (additionaly to mandatory users
> like Administrators and SYSTEM), but normal users don't have any access.
>
> 2. Provide an option to let the user chose under which Windows user the
> Tomcat service should run, and set the "LocalService" user [2] (instead of
> SYSTEM) as default. "LocalService" exists since Windows XP and Windows
> Server 2003.
>
> 3. (optional)
> Change the default value for the shutdown port to -1 (or disable the
> shutdown port textbox and always use -1).
>
>
>
> Motivation:
>
> 1) When installing Tomcat with the Windows Service Installer, it installs by
> default in "%ProgramFiles%\Apache Software Foundation\Tomcat 8.0". A problem
> that I see here is that this directory is intended to be the place for
> binaries of programs that every user which has an account on this Windows
> installation should be able to use (read). However, by default, Tomcat
> places not only binaries, but also data (conf, logs, webapps, work, temp) in
> this directory (I think it's possible to run Tomcat with a different data
> directory by setting a different CATALINA_BASE env, but the Installer
> doesn't seem to do this).
>
> This means e.g. if you have some passwords in your Tomcat config, every
> other user on the server will be able to read them (or, webapp binaries
> which you place in the webapps directory, etc.). Of course, a user which
> installs a program on the server should know how to secure the data, but I
> think a Installer should make sure that by default, everything is secure.
>
> For example, if you install Microsoft SQL Server 2012, it will place
> binaries and data files into C:\Program Files\Microsoft SQL Server, but the
> setup adjusts the permissions for the DATA directory so that ordinary users
> can't access it.
>
> Therefore, the Tomcat Installer should adjust the permissions of the Tomcat
> Installation directory so that normal users don't have access.
>
>
> I have not yet looked into how this can be done with the NSIS script, but it
> seems it should be possible using the "Access Control" plugin [3].
>
> If using the command line, a way to adjust the permissions so that only
> Administrators, SYSTEM and LocalService (if 2. is implemented and the
> service runs as LocalService) have full access would be the following
> command (see [4] for well-known SIDs in Windows):
>
> "%SystemRoot%\system32\icacls.exe" ""
> /inheritance:r /grant *S-1-5-19:(OI)(CI)(F) /grant *S-1-5-32-544:(OI)(CI)(F)
> /grant *S-1-5-18:(OI)(CI)(F)
>
>
> Note: When UAC is turned on and you are not logged in with the integrated
> Administrator account, you cannot open the Tomcat folder with the Windows
> Explorer, because even if your user is a member of the "Administrators"
> group, with enabled UAC the Explorer has reduced rights, so the ACL act as
> if you are not a member of the Administrators group and you therefore cannot
> display the contents of this folder.
>
> However, if you double-click on the Tomcat folder, the Explorer asks you if
> you would like to gain full access rights to this folder. This will change
> the ACL so that your current user gets full access. This has the side-effect
> that other applications that you execute can write to the Tomcat directory
> even they are executed with reduced rights, but I think this is OK on a
> server. (Previously, you could browse the Tomcat Installation directory but
> not change any file. Windows Explorer would ask you for administrative
> rights to copy a file into it or delete one. This however did not change the
> File ACLs.)
>
> Maybe the installer could also add "read" or "full access" rights for the
> current user to the Tomcat directory.
>
>
> Note that on a Windows Server (2012), the default "Administrator" account
> seems to not be impacted by UAC - this user always runs with full privileges.
>
>
>
> 2) By
