tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Windows Service Security
Date Wed, 31 Oct 2012 21:04:02 GMT
Cédric Couralet wrote:
>> Bill,
>>
>> - create a local user, e.g. "tomcat"
>> - stop Tomcat
>> - use whatever path the Microsoft geniuses have invented this week to
>> reach the Services applet
>> - search for the "Apache Tomcat" Service
>> - right click on it and select Settings or Properties (ditto)
>> - in the tab "Login as" (or ditto), change the account to the one you just
>> created
>> - before you restart Tomcat, make sure that all it's files/directories can
>> be read/written by this user
>> - then restart Tomcat
>>
>> As long as the Tomcat process (and any of its webapps) does not need any
>> Windows network resources (network "shares" or printers or the like),
>> you'll be fine.
>> If you need any of these, then you'll have to use a Domain user instead of
>> a local one.
>>
>> (Note that Tomcat probably does not need any of those, since it was
>> running fine as "LocalSystem" and that user does not have access to Windows
>> network resources either).
>>
>>
>>
> 
> Or you can use one of the two built in accounts in Windows 2008 (and
> possibly Windows 2003) : "Local Service" and "Network Service".
> 
>>From what I have seen, these two accounts are simple users on the computer
> (with some extended right for accessing network share for "Network
> Service"). They have no administratives right on the system, so you have to
> allow them read or write access on the different folder where tomcat might
> read or write.
> 
> Documentation for these accounts can be found here :
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms686005(v=vs.85).aspx
> 

Maybe as a suggestion for the people who make the installers for Tomcat/Windows ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message