  1. Hadoop HDFS
  2. HDFS-3535

Audit logging should log denied accesses

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-alpha
    • Fix Version/s: 2.0.2-alpha
    • Component/s: namenode
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      FSNamesystem.java logs an audit log entry when a user successfully accesses the filesystem:

            logAuditEvent(UserGroupInformation.getLoginUser(),
                          Server.getRemoteIp(),
                          "concat", Arrays.toString(srcs), target, resultingStat);
      

      but there is no similar log when a user attempts to access the filesystem and is denied due to permissions. Competing systems do provide such logging of denied access attempts; we should too.
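      What denied-access entries give an operator, shown as an added Python example (not code from the HDFS project or from the patches attached to this issue): it parses audit lines and groups denials by user and source address so repeated permission failures stand out. The log layout (tab-separated key=value pairs with an `allowed` field), the logger prefix, the function names and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

MARKER = "FSNamesystem.audit: "  # assumed logger prefix, not shown on the page

# Constructed sample input. The tab-separated key=value layout with an
# "allowed" field is an assumption about the audit line format.
_ROW = ("2012-07-10 10:00:0{n},000 INFO " + MARKER + "allowed={ok}\tugi={user} "
        "(auth:SIMPLE)\tip=/{ip}\tcmd={cmd}\tsrc={src}\tdst=null\tperm=null")
_EVENTS = [
    ("true", "alice", "10.0.0.5", "open", "/data/a.csv"),
    ("false", "bob", "10.0.0.9", "open", "/secure/keys"),
    ("false", "bob", "10.0.0.9", "listStatus", "/secure"),
    ("false", "carol", "10.0.0.7", "open", "/data/b.csv"),
    ("false", "bob", "10.0.0.9", "delete", "/secure/keys"),
]
SAMPLE_LOG = "\n".join(
    [_ROW.format(n=i, ok=e[0], user=e[1], ip=e[2], cmd=e[3], src=e[4])
     for i, e in enumerate(_EVENTS)]
    + ["2012-07-10 10:00:09,000 INFO namenode.NameNode: unrelated line"])


def parse_audit_line(line):
    """Return the fields of one audit line as a dict, or None if it is not one."""
    _, found, payload = line.partition(MARKER)
    if not found:
        return None
    # Split on tabs first so '=' or spaces inside a path stay in the value.
    fields = dict(p.split("=", 1) for p in payload.split("\t") if "=" in p)
    if "allowed" not in fields or "ugi" not in fields:
        return None
    fields["user"] = fields["ugi"].split(" ", 1)[0]  # drop "(auth:...)"
    fields["ip"] = fields.get("ip", "").lstrip("/")
    return fields


def denied_by_source(log_text, threshold=3):
    """Map (user, ip) -> [(cmd, src), ...] for sources with >= threshold denials."""
    denied = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_audit_line(line)
        if f and f["allowed"] == "false":
            denied[(f["user"], f["ip"])].append((f.get("cmd"), f.get("src")))
    return {k: v for k, v in denied.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (user, ip), events in denied_by_source(SAMPLE_LOG).items():
        print(f"{user}@{ip}: {len(events)} denied operations: {events}")
```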

        Attachments

        1. hdfs-3535.txt
          14 kB
          Andy Isaacson
        2. hdfs-3535-1.txt
          22 kB
          Andy Isaacson
        3. hdfs-3535-2.txt
          21 kB
          Andy Isaacson

            People

            • Assignee:
              adi2 Andy Isaacson
              Reporter:
              adi2 Andy Isaacson