This answer works on Debian (tested on lenny and squeeze). After investigation, it seems to work only thanks to a Debian patch; users of other distributions such as Ubuntu may be out of luck.
You can use mount --bind. Mount the “real” filesystem under a directory that's not publicly accessible. Make a read-only bind mount that's more widely accessible. Make a read-write bind mount for the part you want to expose with read-write access.
mkdir /media/hidden /media/hidden/sdz99
chmod 700 /media/hidden
mount /dev/sdz99 /media/hidden/sdz99
mount -o bind,ro /media/hidden/sdz99/world-readable /media/world-readable
mount -o bind /media/hidden/sdz99/world-writable /media/world-writable
In your use case, I think you can do:
mkdir /var/smb/hidden
mv /var/smb/snapshot /var/smb/hidden
mkdir /var/smb/snapshot
chmod 700 /var/smb/hidden
chmod 755 /var/smb/hidden/snapshot
mount -o bind,ro /var/smb/hidden/snapshot /var/smb/snapshot
I.e. put the real snapshot directory under a restricted directory, but give snapshot read permissions for everyone. It won't be directly accessible because its parent has restricted access. Bind-mount it read-only in an accessible location, so that everyone can read it through that path.
(Read-only bind mounts only became possible several years after bind mounts were introduced, so you might remember a time when they didn't work. I don't know offhand since when they work, but they already worked in Debian lenny (i.e. now oldstable).)
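Where a one-step mount -o bind,ro is not honoured, the bind mount is left writable, so it is worth checking the result. The following is an added example, not part of the answer above: it applies the read-only flag with an explicit remount and checks the per-mount options in /proc/self/mountinfo. The function names and the sample mountinfo data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format (not from a real system).
# Field 5 is the mount point, field 6 the per-mount options; the options
# after the "-" separator belong to the superblock, not to this mount.
sample_mountinfo() {
cat <<'EOF'
25 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 25 8:99 / /media/hidden/sdz99 rw,relatime - ext4 /dev/sdz99 rw
41 25 8:99 /world-readable /media/world-readable ro,relatime - ext4 /dev/sdz99 rw
42 25 8:99 /world-writable /media/world-writable rw,relatime - ext4 /dev/sdz99 rw
43 25 8:1 /var/smb/hidden/snapshot /var/smb/snapshot rw,relatime - ext4 /dev/sda1 rw
EOF
}

# mount_is_ro MOUNTPOINT [MOUNTINFO_FILE]
# Returns 0 if the topmost mount at MOUNTPOINT carries "ro" in its per-mount
# options, 1 if it is writable, 2 if nothing is mounted there.
# Note: spaces in mount points appear as \040 in mountinfo.
mount_is_ro() {
    awk -v mp="$1" '
        $5 == mp { found = 1; opts = $6 }   # last match is the topmost mount
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "${2:-/proc/self/mountinfo}"
}

# ensure_ro_bind SRC DST (needs root)
# Bind-mount SRC on DST, set the read-only flag with an explicit remount
# instead of relying on "bind,ro" in one step, then verify the result.
ensure_ro_bind() {
    mount --bind "$1" "$2" &&
    mount -o remount,bind,ro "$1" "$2" &&
    mount_is_ro "$2"
}
```

In the sample, line 43 shows the failure case: the bind mount exists but still reports rw, which mount_is_ro signals with exit status 1.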
First and foremost, this is going to depend solely on your architecture, and customs.
I for instance mount things like this under /mnt. I know people that create top level directories, and people who put this stuff in /home. It all depends on what you're comfortable with. There is no distinct standard on this anymore, the architecture of the system has changed, and you have varying views now, on things that used to be 'gospel'. Things like /usr/local or /opt/share, rpm or source...you get the drift.
Secondly, if you re-read through your link at pathname.com, you'll notice the paragraph under /media that states:
Rationale
Historically there have been a number of other different places used to mount removeable media such as /cdrom, /mnt or /mnt/cdrom. Placing the mount points for all removeable media directly in the root directory would potentially result in a large number of extra directories in /. Although the use of subdirectories in /mnt as a mount point has recently been common, it conflicts with a much older tradition of using /mnt directly as a temporary mount point.
So personally, I advocate /mnt/windows or some iteration of that. It keeps the top level dir free, and is simple and intuitive. When I'm looking through or auditing a system, that's where I look for mounts right off the bat.
Best Answer
I believe Debian and Ubuntu leave out write support for UFS when they compile their kernel, because the write support in the Linux UFS driver is not considered fully reliable. Rather than expose you to data loss if you mount a filesystem read-write, they prefer to warn you away.
If you want to use the Linux UFS driver for writing, you'll need to recompile a kernel, with read-write support enabled for UFS.
Alternatively, you could run a small installation of FreeBSD in a virtual machine (QEMU/KVM, VirtualBox or whatever takes your fancy). Give the virtual machine access to your filesystem image as a raw disk image, mount the filesystem in the VM, and export it over NFS.