[jira] [Commented] (HDFS-5040) Audit log for admin commands/ logging output of all DFS admin commands

[Brahma Reddy Battula (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-5040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16092518#comment-16092518
 ] 

Brahma Reddy Battula commented on HDFS-5040:
--------------------------------------------

 *Comments for patch:* 

# ) Instead of {{checkPermissionsAndLogAuditEvent}}, can we name it as 
{{checkSuperuserPrivilege(String operationName)}} since this check will be for 
super user..?
# ) looks you missed success audit log for {{finalizeUpgrade}},only updated the 
failure case(ACE).
# ) a) {code}4342           String operationName = "safemode";{code}
can we have something like below,to know the exact action..?
String opName = action.toString().toLowerCase();
b) we might need to handle {{default:}} case also..? so better introduce one 
boolean variable..?
# ) checkSuperuserPrivilege() just move out of the writelock.
{code}
6162          try {
6163            checkOperation(OperationCategory.WRITE);
6164            checkNameNodeSafeMode("Cannot allow snapshot for " + path);
6165            checkSuperuserPrivilege();
6166            FSDirSnapshotOp.allowSnapshot(dir, snapshotManager, path);
6167            success = true;
6168          } finally {
6169            writeUnlock(operationName);
6170          }
6171        } catch (AccessControlException ace) {
6172          logAuditEvent(success, operationName, path, null, null);
6173          throw ace;
{code}
# ) Quota commands needs to handle for specific command.
# )  *Also Check for usages of {{checkSuperuserPrivilege()}}, wherever this is 
called, add audit logs for that RPC if not already there.also move 
checkSuperuserPrivilege() check even before obtaining any lock.* 
# ) Hope you'll add testcases.


> Audit log for admin commands/ logging output of all DFS admin commands
> ----------------------------------------------------------------------
>
>                 Key: HDFS-5040
>                 URL: https://issues.apache.org/jira/browse/HDFS-5040
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: namenode
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Raghu C Doppalapudi
>            Assignee: Kuhu Shukla
>              Labels: BB2015-05-TBR
>         Attachments: HDFS-5040.001.patch, HDFS-5040.patch, HDFS-5040.patch, 
> HDFS-5040.patch
>
>
> enable audit log for all the admin commands/also provide ability to log all 
> the admin commands in separate log file, at this point all the logging is 
> displayed on the console.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org