I will begin a data migration for a cluster that has shares available via SMB and NFS.
Is there a way to make the share into read-only without touching NFS or SMB permissions?
I need permissions to stay in tact for migration.
I was thinking of something similar to what SyncIQ does, without necessarily using SyncIQ.
How can I enable and disable that read-only state?
I am not seeing any other way other than using SyncIQ to have the directory read only.
Please let us know if you have any other questions.
Problem is that I cannot set the source and target destination to the same.
Therefore, is there any way I can manually set the lock on a specific directory and its subfolders and files.
The reason being is that I need to lock it (or make it entirely read only) so that users cannot continue to save data/files there as it is no longer their main storage area. However, I cannot yet touch ACLs as I need them for data migration purposes to assign on new file system.
I mean, I wouldn't mind denying full control to everyone at top level, but inheritance will allow explicit allow permissions at some levels.
with OneFS you can restrict access at the NFS export or SMB share protocol level, without touching the permissions in the actual file system.
For read-only permissions with NFS, the syntax is quite straightforward:
isi nfs exports modify ID_OF_YOUR_EXPORT --read-only true
Same with an SMB share requires a bit more digging into the syntax of the "isi smb" command:
isi smb shares permission modify NAME_OF_YOUR_SHARE --wellknown Everyone --permission-type allow --permission read
Peter, thanks for your commands for making SMB Share and NFS Share Read-Only. Is there a similar command to just make a directory RO as well (Directory is part of a share but don't want to make the entire Share RO)
Not as such.
If you are willing to think far outside the box, you could try leveraging snapshots, which are readonly by design in OneFS.
take a snapshot
rename the subdir in question to subdir.NOACCESS and remove all permissions on the folder level.
"re-introduce" the subdir as a symbolic link to the instance of the subdir within the snapshot folder.