Description of problem:
Implement per-directory read-only access and make it possible to configure through cli/gfapi.
Could you explain why POSIX ACLs would not be sufficient? Maybe you can explain it best by the use-case you have.
What kind of API do you expect? What are the requirements on how/when the directory should be read-only? I guess this should be recursive as well?
The use case we needed this feature for is not relevant any more, we can close the bug.