Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B4BCD9324 for ; Sat, 23 Jun 2012 20:39:43 +0000 (UTC) Received: (qmail 89930 invoked by uid 500); 23 Jun 2012 20:39:43 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 89888 invoked by uid 500); 23 Jun 2012 20:39:43 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 89876 invoked by uid 99); 23 Jun 2012 20:39:43 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 23 Jun 2012 20:39:43 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id 6D65814167A for ; Sat, 23 Jun 2012 20:39:43 +0000 (UTC) Date: Sat, 23 Jun 2012 20:39:43 +0000 (UTC) From: "Eli Collins (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: <1115819008.48183.1340483983450.JavaMail.jiratomcat@issues-vm> In-Reply-To: <620799304.13758.1339624182895.JavaMail.jiratomcat@issues-vm> Subject: [jira] [Commented] (HDFS-3535) audit logging should log denied accesses as well as permitted ones MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-3535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13400054#comment-13400054 ] Eli Collins commented on HDFS-3535: ----------------------------------- Forgot to mention, in TestAuditLogs use @Before and @After to setup/teardown cluster and fs in one place (see other tests for an example) > audit logging should log denied accesses as well as permitted ones > ------------------------------------------------------------------ > > Key: HDFS-3535 > URL: https://issues.apache.org/jira/browse/HDFS-3535 > Project: Hadoop HDFS > Issue Type: New Feature > Components: name-node > Affects Versions: 2.0.0-alpha > Reporter: Andy Isaacson > Assignee: Andy Isaacson > Attachments: hdfs-3535-1.txt, hdfs-3535.txt > > > FSNamesystem.java logs an audit log entry when a user successfully accesses the filesystem: > {code} > logAuditEvent(UserGroupInformation.getLoginUser(), > Server.getRemoteIp(), > "concat", Arrays.toString(srcs), target, resultingStat); > {code} > but there is no similar log when a user attempts to access the filesystem and is denied due to permissions. Competing systems do provide such logging of denied access attempts; we should too. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira