On Mar 24, 2013, at 4:01 PM, André Warnier wrote:
Patrick Flaherty wrote:
On Mar 24, 2013, at 2:56 PM, André Warnier wrote:
Harris, Jeffrey E. wrote:
-----Original Message-----
From: Patrick Flaherty [mailto:pflah...@rampageinc.com]
Sent: Sunday, March 24, 2013 12:18 PM
To: Tomcat Users List
Subject: Re: runtime.exec "cmd.exe /C net use"
On Mar 24, 2013, at 10:24 AM, Harris, Jeffrey E. wrote:
-----Original Message-----
From: Patrick Flaherty [mailto:pflah...@rampageinc.com]
Sent: Sunday, March 24, 2013 10:20 AM
To: Tomcat Users List
Subject: Re: runtime.exec "cmd.exe /C net use"
On Mar 23, 2013, at 10:00 PM, David Kerber wrote:
On 3/23/2013 8:13 PM, Harris, Jeffrey E. wrote:
Hi,
Thanks for all the input. I know about service logins being only
able
to use UNC paths (not drive letters) to access network shares. I
know
the service login & password have to have a matching account
on the
server with the shares in order for the tomcat app to use
(access)
those shares. We do all of this. Out tomcat app depends on
network
shares to function and it always has worked as long as the
service
login account matches an account on the server with the shares.
What I'm trying to do in an html interface is make a pulldown
menu
list of my mapped drives as a location for our database
backup. It's
a preference setup to where an automated scheduled backup will
write
the backups. I'm using "net use" to produce what you would
expect
for
output (all the mapped network drives) and parsing the output to
produce the pulldown menu item containing the unc portion
gleaned
from the "net use" output. I need the unc portion as this is
what a
tomcat app needs. No matter what I do outside the app I cannot
produce the effectively empty list that the app is producing.
I'm
logged into Windows as the same account as the service and I
open a
command prompt and see all my mapped drives via "net use". I
have
tried UAC on and off and it changes nothing. I added a simple
"dir"
to the app and I can get that output but not the "net use"
output. I do know it has to do with the service as I said
because
when tomcat is started via the startup.bat it works great.
Maybe it is a Windows question but thought someone may have
had some
similar experience.
Thanks for eveyone's thoughts.
-Pat
You still have not answered how the mapping are being made in the
first place. Is the service account dynamically setting the
mapping
using net use, or through the Windows API? Are you relying on
static
mappings in the user account profile?
Hi Jeffrey,
The drive mapping are happening through the Windows Explorer
interface.
The file server is browsed and the shares on the file server are
mapped
by right-clicking the share, mapping it to a drive letter and I
check
the checkbox "Reconnect at logon". Then I start my app.
(I'm not using any user profiles.)
-Pat
Jeffrey Harris
Pat,
I do not think that will work for a service account. The drive
mappings are stored in the user profile,
and since I do not think service accounts access user profiles,
the service account will not remap
the drives when using the account to start a service (it will
when you actually log in interactively with
the account). You can try setting some custom environment
variables in the user profile (not the system profile)
and see if they are accessible by the service account using the
set command as a test to see if mapping
might be accessible.
What you probably need to do is actually set the drive mappings
using the Windows API dynamically when Tomcat starts,
or use UNCs. I know you want to display the drive mappings, but
you could fake the display by doing a net use >myfilemappings.txt
from the command line (when logged into the account), and just
calling the file to display the mappings. Obviously, if the
mappings change, you would have to redo the file.
I think those are your only options. You might want to do a
Google search and see if there is a way for
service accounts to use remembered mapped drives.
I routinely use "net use \\hostname\share" from inside programs
running as Windows Services (not in Java, though, but it should
not matter). "Drive letters" don't work.
The exact form I use is :
net use \\hostname\sharename <password> /USER:<userid>
And then later I can open/read/write/close files as "\\hostname
\sharename\filepath".
It works, but I have noticed one "quirk" in my programs : after
doing the "net use", the very first access to the share doesn't
work and returns an error. The second access and all subsequent
ones work though. I have no idea why this is, but I have just
adapted my programs to work around this issue (by doing a first
dummy access and ignoring the result), and never had any problem
since. (**)
To be able to do this, the Service *cannot* run as the LocalSystem
or LocalService user. By design in Windows, these special users do
not have access to any "Windows network" functions or resources.
Any "normal" user (*) will do, depending on the environment (such
as, if the current host is a member of a Windows Domain, and the
Windows network resource is defined in that domain, then the user
will need to be a Domain user; if the resource is a share on a
Linux Samba host e.g., then any user will do, as long as it is
known to Samba).
This all concerns only "Windows network" resources. Anything
accessed via standard TCP/IP protocols (HTTP, NFS, FTP, SSL..)
works, even when running as one of these special users.
As a not very precise technical definition, "Windows network
resources" are all the things like "shares" (network
directories), Windows network printers, anything that is accessed
via the SMB or CIFS protocol, anything that requires the usage of
a "workgroup" or "domain" name, etc.
(*) with one additional caveat : the user must be granted the
"right to run services".
(**) Maybe this is a hint to the OP : what happens if you ignore
the result of the first command call, and try the same command a
second time ?
And I agree : there a bit of hocus-pocus here, but then many
things are, in a Windows environment.
You are not hearing me. The drives are mapped and set to reconnect
at logon. Therefore if I reboot my machine the network drive
mapping are in place after
logging in. I *do not* try and map a drive from within my app. My
app has full access to the network shares as soon as my app is up.
No problem with network
shares and my app !
Well, only if your app is running on your computer though. As soon
as your app is moved somewhere else, it will stop working unless you
set up that computer the same way.
My app needs to read and write to those network
share to function and has no problems.
The problem is after I'm up and running, I try to run "cmd.exe /C
net use" from within the app it does not return any mapped drives.
it returns:
net use
New connections will be remembered.
There are no entries in the list.
Again, the return above happen only when running as a service but
works fine when tomcat starts from startup.bat in a console. Works
fine means
it returns drive letter, unc equivalent etc ... basically what you
normally see when you have mapped network drives and run "net use"
from cmd.exe.
It make no sense I know but I'm at a loss.
Yes, it does make sense. When something is running as a Service
under a given user-id, it does not have the same environment as when
you login to a computer with that same user-id.
The "service environment" is different from the "interactive login"
environment.
In how many ways exactly under Windows, I do not know; but many.
(One of the ways is that a Service does not have a console, while
your interactive session does; that alone already make a lot of
programs act differently. Another way is the permissions, which are
different between services and interactive users).
The crux of the matter is : if you want your Service (whatever
program it runs in whatever programming language) to have access to
certain resources, you should make sure that it is the service
itself which acquires/connect to these resources, and not rely on,
for example, "mappings" that have been made under another
environment, to be present in the service environment.
Think of it as follows : when you - personally - login to the
machine, you get a "session" under your user-id. And then inside
that session you run Tomcat, as an application, within that same
session.
When a service starts, it does its own login and it gets a different
"session", also under the same user-id, but a different session
anyway.
And there is nothing that says that everything that you have in your
interactive user session is automatically there in that (separate)
service session. And if anything is, it may just be a bug in this
particular Windows version, and may go away at the next version.
Hi Andre,
I do understand and well said. The bottom line is I cannot expect
"interactive" command calls to work like 'Service" based command calls
So "net use" can execute but not return the same results as an
interactive user. Dang !
Thanks for the WIndows lesson, the place I *thought* I knew well.
Pat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org