I've been tasked with turning many volumes on our site read-only. What I've come up with is, I would like to unmount existing read-write volumes and mount their readonly .backup volume in their place.
This appears to work well from an OpenAFS standpoint, and when exported via sftp or our web service, everything works as you might expect, you may browse and read and copy files out of a given volume, but not write, delete, insert or modify anything. The trouble comes in (as always) with our Samba service. We sit Samba on top of OpenAFS to serve our users, who have not wanted to install the OpenAFS client. It works as well as you might hope, but not for readonly volumes in OpenAFS -- if you map a drive in Windows or Mac OS X, you may browse the files, but any operation at all that involves reading fails with errors. This linkage between OpenAFS and Samba has always been the main problem with our service, and while I recognize that this is a Samba problem, I hoped that someone else here might have had experience with a similar setup and could help me find a way to tell Samba to work properly with those readonly volumes. Unfortunately, it's not practical to tell our users to use the OpenAFS client once their volume is readonly, and there isn't much motivation for them to do so because once this happens, they will really just have that access to get data off the service anyway. Thanks for any help! Chris -- E. Christine Garrison Indiana University Research Technologies Research Storage
