Details
Description
When "bin\tomcat9 //US/Tomcat9" is invoked, two unwanted ACLs are inserted into the logs directory.
Repro in the Tomcat9 directory from an Admin Command Prompt (not Admin PowerShell).
> ren logs logs1
> md logs
> icacls logs
logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(M)
> bin\tomcat9.exe //US/Tomcat9
> icacls logs
logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(M)
> bin\tomcat9.exe //US/Tomcat9
> icacls logs
logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(M)
> for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9
: (...after 1000-2000 times...)
[2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT AUTHORITY\LocalService' write permissions to log path '<full/path/to/tomcat9>\logs' due to error '1340: The inherited access control list (ACL) or access control entry (ACE) could not be built.'
:
> icacls logs
logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\LOCAL SERVICE:(RX,W)
:
NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(M)
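
A check for the symptom shown above, as an added example that is not part of the original report or of Tomcat's own code: it parses `icacls` output and reports explicit (non-inherited) entries that occur more than once. The function names and the regular expression are assumptions made for this sketch; the sample input is the listing from the report after two invocations.

```python
import re
from collections import Counter

# Sample input: the icacls listing from the report after two //US invocations.
SAMPLE = r"""
logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\LOCAL SERVICE:(RX,W)
NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(M)
"""

# "<principal>:(flag)(flag)..."; the principal may contain spaces and backslashes.
ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<flags>(?:\([^()]*\))+)\s*$")


def parse_icacls(text, path):
    """Return (principal, flags, inherited) tuples in listing order."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path + " "):  # first entry is prefixed by the object name
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue  # blank lines and the icacls summary line
        flags = tuple(re.findall(r"\(([^()]*)\)", m["flags"]))
        # (I) marks an entry inherited from the parent; (IO) is a different flag.
        aces.append((m["principal"], flags, "I" in flags))
    return aces


def duplicate_explicit_aces(aces):
    """Map each explicit entry that appears more than once to its count."""
    counts = Counter((p, f) for p, f, inherited in aces if not inherited)
    return {ace: n for ace, n in counts.items() if n > 1}


if __name__ == "__main__":
    dups = duplicate_explicit_aces(parse_icacls(SAMPLE, "logs"))
    for (principal, flags), n in dups.items():
        print(f"{n}x {principal}:" + "".join(f"({f})" for f in flags))
```

Feed it the text captured from `icacls logs`; an empty result means no explicit entry is repeated.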