Re: Review Request 73129: RANGER-3148: Ranger HDFS plugin to audit chmod and chown operations

Ramesh Mani Wed, 07 Apr 2021 12:30:42 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73129/
-----------------------------------------------------------


(Updated April 7, 2021, 7:30 p.m.)


Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
-------

Updated patch to implement denyUserAccess


Bugs: RANGER-3148
    https://issues.apache.org/jira/browse/RANGER-3148


Repository: ranger


Description
-------

RANGER-3148: Ranger HDFS plugin to audit chmod and chown operations


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
 31e4c0f4e 
  
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
 63e84728d 


Diff: https://reviews.apache.org/r/73129/diff/6/

Changes: https://reviews.apache.org/r/73129/diff/5-6/


Testing (updated)
-------

- Verified in local vm for auditing.
- Following operations and its auditing are covered.

1) chmod ->  Allow and deny gets audited fine for all the calls.
2) chown  -> Deny gets audited for the file not owned by the same user who runs 
the command.
3) Addressed audit log for SuperUsers -> implemented denyUserAccess and 
checkSuperUserPermissionWithContext


Thanks,

Ramesh Mani

Re: Review Request 73129: RANGER-3148: Ranger HDFS plugin to audit chmod and chown operations

Reply via email to