[jira] [Commented] (HDFS-9395) HDFS operations vary widely in which failures they put in the audit log and which they leave out

Tue, 09 Feb 2016 07:01:48 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15139027#comment-15139027
 ] 

Kuhu Shukla commented on HDFS-9395:
-----------------------------------

Thank you Vinayakumar. While making this change I also noticed the 
{{checkAccess}} method which logs only when there is an ACE and not for 
successful attempts. My concern is from an older JIRA, HDFS-6570.
{quote}
getAclStatus is probably the simplest method to look at for an example that 
does everything. Do you think we need to write to the audit log for this 
method? I'm thinking that we shouldn't, because the purpose of this method is 
to query whether or not the user has access.
{quote}

[~cnauroth], Request for some comments on the methods that dont log successful 
attempts like checkAccess and getAclStatus. Thanks a lot!

> HDFS operations vary widely in which failures they put in the audit log and 
> which they leave out
> ------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-9395
>                 URL: https://issues.apache.org/jira/browse/HDFS-9395
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Kihwal Lee
>            Assignee: Kuhu Shukla
>         Attachments: HDFS-9395.001.patch, HDFS-9395.002.patch, 
> HDFS-9395.003.patch, HDFS-9395.004.patch, HDFS-9395.005.patch
>
>
> So, the big question here is what should go in the audit log? All failures, 
> or just "permission denied" failures? Or, to put it a different way, if 
> someone attempts to do something and it fails because a file doesn't exist, 
> is that worth an audit log entry?
> We are currently inconsistent on this point. For example, concat, 
> getContentSummary, addCacheDirective, and setErasureEncodingPolicy create an 
> audit log entry for all failures, but setOwner, delete, and setAclEntries 
> attempt to only create an entry for AccessControlException-based failures. 
> There are a few operations, like allowSnapshot, disallowSnapshot, and 
> startRollingUpgrade that never create audit log failure entries at all. They 
> simply log nothing for any failure, and log success for a successful 
> operation.
> So to summarize, different HDFS operations currently fall into 3 categories:
> 1. audit-log all failures
> 2. audit-log only AccessControlException failures
> 3. never audit-log failures
> Which category is right?  And how can we fix the inconsistency



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to