Do not expose INI files nor input data files
The input data files as well as the ini files should never be exposed to the data users (either through THREDS or directly as downloads): the INI files might contain password or credentials to access the data (such as S3 credentials or DB passwords).