On Tue, 2 Mar 2010 15:15:49 -0500 Derrick Brashear <[email protected]> wrote:
> I still advocate the "no, the volume is trashed, we give you a high dv > and make the volume readonly" approach. if you lost the root vnode, > you're not really in good shape. But I'm unwilling to suggest it's the > "one true way" For clarification/context: the approach described is to encourage the user to only use the volume to copy data to a new volume, since the old one is fragile/trashed. (At least, that's my take; correct me if I'm wrong) I'm leaning towards agreeing with that, but I'm unsure if our "don't use this volume" sign is sufficiently big and flashy. We can log, and we can prevent writes (to clarify: you just mean via the root ACL, right?), but I'm pretty sure even then someone's going to use it anyway. We can only prevent self-foot-shooting so much... but would it be going too far to drop a file in the new root dir, that actually says to not use the volume? Since everything in the dir will be orphans, we shouldn't need to worry about colliding with another filename. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
