Logging user actions

[Tanous, Ed]

> 
> It would be great if we weren't using D-Bus at all or if we had all user 
> interfaces connected to some central hub so that accounting information 
> was available to that hub and it could log all user requests before translating
> them further to D-Bus.
> 
> Don't IBM, Google, Intel and other big guys want to log user actions?
> It's quite strange to not have this functionality in OpenBMC and, what is
> more important, not have the architectural possibility to properly (in a single
> place) implement it. It feels like I'm just missing something.
> 
> Alexander.

Does Intel want our systems to be able to log user actions?  Yes.  With that said, I'm not really following why this couldn't be done over dbus, and why a "central hub" as you call it would make the task any easier.  Also, so you're aware, dbus-daemon (the entity that connects / authenticates and authorizes all dbus connections and messages) could very easily be called a "central hub" and could be patched to log every dbus action if that was the route you wanted to go down.

I don't really like DBus; I find it difficult to use, and more importantly difficult to teach to people.  But it's what we have today, and so far as I can tell, it is capable of serving the purposes we need it to serve, including the logging features we need to build in the future.  If you have a suggestion for a better IPC design, and are willing to move all of the existing daemons over to it, I'm sure some people would be willing to hear to you out, but I don't think logging being difficult to implement justifies that kind of major change for the project.

Can you expand a little on your comment that dbus doesn't have any accounting in its messages signals?  It has timing information, as well as user information.  Were you hoping for a "requested from interface" type field?  Today every daemon is running as root, and not authorizing as a specific system user, so that authorization info is not very useful, but that could be changed with a good understanding of the permissions system, and a good understanding of dbus, and by making the daemons run as non-root.  We are in the process of trying to do this anyway for bmcweb, albeit for different reasons, but the concept should be similar.

Another design that could be attempted could be to add a new signal named "user action" that we could plumb into all the user facing daemons that would populate the information to the logging daemon.  All the user-facing daemons would then be required to send that signal (either automatically via the sdbusplus bindings, or manually) on a user action.  While not the ideal solution, it seems like it would solve the problem with generating too many system internal events, and would make what we're logging very explicit.  Also, we could attach whatever information we see fit.

I'm sure other have ideas on how to make this work.  In short, I would much rather spend resources on making the current solution we have work for all use cases, even if it's not a beautiful architecture, than attempting to recreate what we have using another IPC.

-Ed