No ideas here?

On Wed, 11 Sep 2019 at 17:31, Francisco de Freitas <chicofranch...@gmail.com> wrote:
> HDFS version is 2.8.5
>
> I recently updated my log4j.properties file to
>
> # Log at INFO level to DRFAAUDIT
> log4j.logger.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit=INFO,DRFAAUDIT
> # Do not forward audit events to parent appenders (i.e. namenode)
> log4j.additivity.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit=false
> # Configure local appender
> log4j.appender.DRFAAUDIT=org.apache.log4j.DailyRollingFileAppender
> log4j.appender.DRFAAUDIT.File=${hadoop.log.dir}/hdfs-audit.log
> log4j.appender.DRFAAUDIT.DatePattern=.yyyy-MM-dd
> log4j.appender.DRFAAUDIT.layout=org.apache.log4j.PatternLayout
> log4j.appender.DRFAAUDIT.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
>
> Running a simple ls as a normal user on the same node as the active one I
> get a permission denied on the hdfs-audit.log
>
> hdfs dfs -ls /
> log4j:ERROR setFile(null,true) call failed.
> java.io.FileNotFoundException: /var/log/hadoop/hdfs-audit.log (Permission denied)
>     at java.io.FileOutputStream.open0(Native Method)
>     at java.io.FileOutputStream.open(FileOutputStream.java:270)
>     at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
>     at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
>     at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
>     at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
>     at org.apache.log4j.DailyRollingFileAppender.activateOptions(DailyRollingFileAppender.java:223)
>     at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
>     at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:172)
>     at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:104)
>     at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:842)
>     at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:768)
>     at org.apache.log4j.PropertyConfigurator.parseCatsAndRenderers(PropertyConfigurator.java:672)
>     at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:516)
>     at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:580)
>     at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:526)
>     at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
>     at org.apache.log4j.Logger.getLogger(Logger.java:104)
>     at org.apache.commons.logging.impl.Log4JLogger.getLogger(Log4JLogger.java:262)
>     at org.apache.commons.logging.impl.Log4JLogger.<init>(Log4JLogger.java:108)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>     at org.apache.commons.logging.impl.LogFactoryImpl.createLogFromClass(LogFactoryImpl.java:1025)
>     at org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:844)
>     at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:541)
>     at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:292)
>     at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:269)
>     at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:657)
>     at org.apache.hadoop.fs.FsShell.<clinit>(FsShell.java:47)
>
> Running the same ls command from any other node (remotely) I don't get the
> nasty permission denied exception.
>
> My user on the active NN doesn't belong to the hadoop group and
> I obviously don't want that it's able to write to the file.
>
> Is there any way I can circumvent this exception from showing up? The
> audit log gets written without any issues (for the LS query).