On Tue, Mar 2, 2010 at 3:47 PM, Andrew Deason <[email protected]> wrote:
> On Tue, 2 Mar 2010 15:15:49 -0500
> Derrick Brashear <[email protected]> wrote:
>
>> I still advocate the "no, the volume is trashed, we give you a high dv
>> and make the volume readonly" approach. If you lost the root vnode,
>> you're not really in good shape. But I'm unwilling to suggest it's the
>> "one true way"
>
> For clarification/context: the approach described is to encourage the
> user to only use the volume to copy data to a new volume, since the old
> one is fragile/trashed. (At least, that's my take; correct me if I'm
> wrong)

Correct.

> I'm leaning towards agreeing with that, but I'm unsure if our "don't use
> this volume" sign is sufficiently big and flashy. We can log, and we can
> prevent writes (to clarify: you just mean via the root ACL, right?), but
> I'm pretty sure even then someone's going to use it anyway.

That'd be a start; we could certainly go further.

> We can only prevent self-foot-shooting so much... but would it be going
> too far to drop a file in the new root dir, that actually says to not
> use the volume? Since everything in the dir will be orphans, we
> shouldn't need to worry about colliding with another filename.

That seems reasonable, namely, we could make it be the only file whose
name does *not* contain ORPHAN.
