hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kuhu Shukla (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9395) HDFS operations vary widely in which failures they put in the audit log and which they leave out
Date Mon, 08 Feb 2016 06:11:40 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15136623#comment-15136623

Kuhu Shukla commented on HDFS-9395:

Failing tests from last pre-commit were mostly due to timeouts and irreproducible locally.
Requoting my comments from patch upload.
{quote}Updated patch with changes to cachepool and other methods that need to follow the decided
scheme with test. I have a few questions: 
1. for methods like getSnapshottableDirListing and listCachePools I am not sure how to make
it throw an AccessControlException since it lists contents for the filesystem user itself.

2. for isFileClosed() we never logged the successful operation, should we do that now, or
will it be too noisy?
3. for finalizeRollingUpgrade, the superuser privilege is already checked so I did not add
the ACE try-catch block. Is that correct?
Requesting comments from [~kihwal],[~daryn], [~cmccabe]. Thanks a lot!

> HDFS operations vary widely in which failures they put in the audit log and which they
leave out
> ------------------------------------------------------------------------------------------------
>                 Key: HDFS-9395
>                 URL: https://issues.apache.org/jira/browse/HDFS-9395
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Kihwal Lee
>            Assignee: Kuhu Shukla
>         Attachments: HDFS-9395.001.patch, HDFS-9395.002.patch, HDFS-9395.003.patch, HDFS-9395.004.patch
> So, the big question here is what should go in the audit log? All failures, or just "permission
denied" failures? Or, to put it a different way, if someone attempts to do something and it
fails because a file doesn't exist, is that worth an audit log entry?
> We are currently inconsistent on this point. For example, concat, getContentSummary,
addCacheDirective, and setErasureEncodingPolicy create an audit log entry for all failures,
but setOwner, delete, and setAclEntries attempt to only create an entry for AccessControlException-based
failures. There are a few operations, like allowSnapshot, disallowSnapshot, and startRollingUpgrade
that never create audit log failure entries at all. They simply log nothing for any failure,
and log success for a successful operation.
> So to summarize, different HDFS operations currently fall into 3 categories:
> 1. audit-log all failures
> 2. audit-log only AccessControlException failures
> 3. never audit-log failures
> Which category is right?  And how can we fix the inconsistency

This message was sent by Atlassian JIRA

View raw message