Bug 63759

Summary: Unable to launch uninstaller: insufficient permissions to access Uninstall.exe
Product: Tomcat 9 Reporter: Konstantin Kolinko <knst.kolinko>
Component: PackagingAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: regression    
Priority: P2    
Version: 9.0.26   
Target Milestone: -----   
Hardware: PC   
OS: All   

Description Konstantin Kolinko 2019-09-21 15:29:40 UTC
Operating System: Windows 10 1903 Home

Steps to reproduce:

1. Run a Tomcat installer for MS Windows. I know that the issue is reproducible with the following versions:

apache-tomcat-9.0.26.exe
apache-tomcat-9.0.24.exe
apache-tomcat-9.0.23.exe

apache-tomcat-8.5.46.exe
apache-tomcat-8.5.45.exe
apache-tomcat-8.5.44.exe

apache-tomcat-7.0.96.exe
apache-tomcat-7.0.95.exe

The issue is not reproducible with 7.0.94, 8.5.43, 9.0.22, thus it is a regression.

2. Click through the installer.

Choose a version of Java as appropriate.
On the last screen uncheck both checkboxes
[ ] Run Apache Tomcat
[ ] Show Readme

3. Open MS Windows Parameters application,
go to "Applications"
go to a list of installed applications.

4. Try to uninstall the installed version of Tomcat.

Expected behaviour: successful uninstallation. 

4.1. Windows asks for confirmation "This application and all its data will be deleted". I press OK.

4.2. Windows displays a dialog box asking for elevated permissions.

4.3. The Tomcat uninstaller displays a dialog box "Uninstalling from: [file path]" and an "Uninstall" button that launches the actual uninstallation.

4.4. I press the "Uninstall" button and wait while Tomcat is being uninstalled.

Actual behaviour: Windows fails to launch the uninstaller.

4.1. Windows asks for confirmation "This application and all its data will be deleted". I press OK.

4.2. An error box is displayed that says that
"Windows cannot access the specified drive, path or file" for file
C:\Program Files\Apache Software Foundation\Tomcat 9.0\Uninstall.exe

(Disclaimer: The this and the following message boxes I am translating from my local language. I do not know what is the actual text of the message in English versions of Windows 10).

5. Note that the list of installed applications in Windows does not use "Tomcat" icon for Apache Tomcat, but some default "rectangular box" icon.

If you install a version that does not have this bug, a proper Tomcat icon is displayed there.

WORKAROUND

The problem is fixed if I manually change the permissions for the "Tomcat 9.0" directory to make it readable for my user.

Microsoft Windows promptly changes the permissions for me if I try to visit the directory. Thus the steps are rather easy:

1. Launch File Explorer (e.g. with keyboard shortcut: Win + E).

2. Go to
C:\Program Files\Apache Software Foundation\

(Click on address bar and copy-paste the address there)

3. Click on "Tomcat 9.0" folder.

4. Windows displays a dialog box that says

"You do not have permissions to access this folder.

To get permanent access to this folder, press "Continue" button."

With two buttons: [ {a shield icon} "Continue" ] [ Cancel ]

5. Press the "Continue" button.

6. The permissions for the "Tomcat 9.0" folder are silently changed so that it becomes readable.

7. Now, Tomcat can be successfully uninstalled.
Comment 1 Mark Thomas 2019-09-23 13:59:18 UTC
This looks like a result of the permissions changes made for bug 55969. This side-effect was discussed in that bug although no mitigation was put in place.

I'm reluctant to make the whole installation readable to the current user but I do think there is an argument for making "Uninstall.exe" and "tomcat.ico" readable to all users / the current user depending on the option chosen for "Create shortcuts for all users"
Comment 2 Mark Thomas 2019-09-24 11:51:45 UTC
Having worked on this a bit I think there is a simpler option.

Make the icon file readable and the uninstaller readable/executable for all authenticated users.

Being able to execute the uninstaller isn't a privilege escalation as a) it will request admin privs and b) you still need privs to remove the service and/or installed files.

This approach is much simpler to implement (it doesn't need to determine current user or vary depending on the option chosen for "Create shortcuts for all users".

I should be in a position to commit a fix along these lines shortly.
Comment 3 Mark Thomas 2019-09-24 17:08:50 UTC
Fixed in:
- master for 9.0.27 onwards
- 8.5.x for 8.5.47 onwards
- 7.0.x for 7.0.97 onwards