[HDFS-3535] Audit logging should log denied accesses - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0-alpha
Fix Version/s: 2.0.2-alpha
Component/s: namenode
Labels:
None

Hadoop Flags:

Reviewed

Description

FSNamesystem.java logs an audit log entry when a user successfully accesses the filesystem:

      logAuditEvent(UserGroupInformation.getLoginUser(),
                    Server.getRemoteIp(),
                    "concat", Arrays.toString(srcs), target, resultingStat);

but there is no similar log when a user attempts to access the filesystem and is denied due to permissions. Competing systems do provide such logging of denied access attempts; we should too.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

hdfs-3535.txt
14/Jun/12 18:38
14 kB
Andy Isaacson
hdfs-3535-1.txt
18/Jun/12 22:33
22 kB
Andy Isaacson
hdfs-3535-2.txt
25/Jun/12 23:37
21 kB
Andy Isaacson

Activity

People

Assignee:: Andy Isaacson

Reporter:: Andy Isaacson

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 13/Jun/12 21:49

Updated:: 11/Oct/12 17:46

Resolved:: 26/Jun/12 18:18