On Thu, Mar 19, 2009 at 11:36:01AM -0400, Steve Simmons wrote: > > On Nov 23, 2008, at 4:17 PM, Jason Edgecombe wrote: > > >I admit that we have had a few cases where exiting users give a > >buddy admin rights on their volume before leaving. We had one case > >where the buddy begged us to recover files from the original user's > >account, but we could not legally do that. > > > >Is there some way to flip a bit and disable all writes on a R/W > >volume? Clobbering the ACL's on the volume would do this, but > >undoing that would not be trivial for users who leave and return. > > > >If we want to allow a negative quota to disable all writes, then I > >propose that we only allow -1. Then again, 1 is almost as effective > >assuming that the volume has a few files in it. > > Flip a bit, no. But you can effectively do it with more work: > > Back up the volume using vos dump > Remove the volume > Do vos restore using the -readonly switch. The restored volume is > readonly, has the original name, and is parent-less.
Although this always felt messy to me, since it seems to confuse vos (which then confuses me). But I'm easily confused. I was bored one evening and looked at what it would take to make what I called an "administratively read-only volume". It seemed to me at a quick glance it wouldn't take much. I should look at that again. Looking at my notes, my wild guess was that it would simply be setting a flag, and then every place where the fileserver checks for "readonlyServer" do another check for this flag and return VREADONLY as well. But, again, this was just my wild guess, I hadn't actually gotten anywhere with it. The other option is to use the -readonly flag to the fileserver, which I believe would get you what you want, if you want to live with having to maintain a fileserver just for readonly volume. -- Thomas L. Kula | [email protected] | http://kula.tproa.net/ _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
