[ 
https://issues.apache.org/jira/browse/HDFS-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15154288#comment-15154288
 ] 

Kuhu Shukla commented on HDFS-9395:
-----------------------------------

Thanks [~vinayrpet] for the comments. 

{{setErasureCodingPolicy}} does a {{checkSuperuserPrivilege}} before the actual 
call. As per my understanding, in a case where ACE can occur, the audit log 
would still not be logged through the finally block but would be thrown when 
the check is made. So this is allowing only successful logging like it was 
previously. While going through methods that do checkSuperuserPrivilege, I saw 
most of them don't log ACEs (e.g. finalizeRollingUpgrade) but some do, like 
{{createEncryptionZone}}. Should we be fixing those as well, and if yes, do we 
log the ACE? 
For example, in {{allowSnapshot}} and {{disallowSnapshot}} only successful 
ones are logged.

> Make HDFS audit logging consistent
> ----------------------------------
>
>                 Key: HDFS-9395
>                 URL: https://issues.apache.org/jira/browse/HDFS-9395
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Kihwal Lee
>            Assignee: Kuhu Shukla
>         Attachments: HDFS-9395.001.patch, HDFS-9395.002.patch, 
> HDFS-9395.003.patch, HDFS-9395.004.patch, HDFS-9395.005.patch, 
> HDFS-9395.006.patch
>
>
> So, the big question here is what should go in the audit log? All failures, 
> or just "permission denied" failures? Or, to put it a different way, if 
> someone attempts to do something and it fails because a file doesn't exist, 
> is that worth an audit log entry?
> We are currently inconsistent on this point. For example, concat, 
> getContentSummary, addCacheDirective, and setErasureEncodingPolicy create an 
> audit log entry for all failures, but setOwner, delete, and setAclEntries 
> attempt to only create an entry for AccessControlException-based failures. 
> There are a few operations, like allowSnapshot, disallowSnapshot, and 
> startRollingUpgrade that never create audit log failure entries at all. They 
> simply log nothing for any failure, and log success for a successful 
> operation.
> So to summarize, different HDFS operations currently fall into 3 categories:
> 1. audit-log all failures
> 2. audit-log only AccessControlException failures
> 3. never audit-log failures
> Which category is right?  And how can we fix the inconsistency?
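
The ordering question raised in the comment above, as an added sketch that is not part of the original message and is not Hadoop source: a privilege check placed before the try/finally leaves denied attempts out of the audit trail, while a check inside the try lets the AccessControlException be audited. The class, the method bodies, the {{logAuditEvent}} helper and the {{/ecdir}} path are hypothetical stand-ins.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; not Hadoop code. All names and bodies are hypothetical stand-ins.
public class AuditPatterns {
    static class AccessControlException extends Exception {
        AccessControlException(String m) { super(m); }
    }
    static final List<String> AUDIT = new ArrayList<>();

    static void logAuditEvent(boolean allowed, String cmd, String src) {
        AUDIT.add("allowed=" + allowed + " cmd=" + cmd + " src=" + src);
    }
    static void checkSuperuserPrivilege(boolean isSuperuser) throws AccessControlException {
        if (!isSuperuser) throw new AccessControlException("Superuser privilege is required");
    }

    // Check sits before the try/finally: a denied caller never reaches the audit call.
    static void checkOutsideTry(boolean isSuperuser, String src) throws AccessControlException {
        checkSuperuserPrivilege(isSuperuser);
        boolean success = false;
        try {
            // ... the operation itself would run here ...
            success = true;
        } finally {
            logAuditEvent(success, "checkOutsideTry", src);
        }
    }

    // Check sits inside the try: the ACE is audited as a failure, then rethrown.
    static void checkInsideTry(boolean isSuperuser, String src) throws AccessControlException {
        try {
            checkSuperuserPrivilege(isSuperuser);
            // ... the operation itself would run here ...
        } catch (AccessControlException e) {
            logAuditEvent(false, "checkInsideTry", src);
            throw e;
        }
        logAuditEvent(true, "checkInsideTry", src);
    }

    public static void main(String[] args) {
        for (boolean su : new boolean[] {true, false}) {
            try { checkOutsideTry(su, "/ecdir"); } catch (AccessControlException e) { /* denied */ }
            try { checkInsideTry(su, "/ecdir"); } catch (AccessControlException e) { /* denied */ }
        }
        AUDIT.forEach(System.out::println); // print whatever reached the audit trail
    }
}
```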


