This is a bit of a race between ceph-volume and udev - if I force the perms to be correct by starting the ceph-volume systemd unit for an OSD:
$ getfacl /dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193 # file: dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193 # owner: ceph # group: ceph user::rw- group::rw- other::---
then re-trigger udev events for block devices:
$ udevadm trigger --subsystem-match=block --action=add $ getfacl /dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193 # file: dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193 # owner: root # group: disk user::rw- group::rw- other::---
you can see the permissions revert back to root/disk from ceph/ceph.
This is a bit of a race between ceph-volume and udev - if I force the perms to be correct by starting the ceph-volume systemd unit for an OSD:
$ getfacl /dev/ceph- 4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93/osd- block-4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93 4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93/osd- block-4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93
# file: dev/ceph-
# owner: ceph
# group: ceph
user::rw-
group::rw-
other::---
then re-trigger udev events for block devices:
$ udevadm trigger --subsystem- match=block --action=add 4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93/osd- block-4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93 4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93/osd- block-4a94b8ca- bc68-4ac6- a5ec-dc10549af1 93
$ getfacl /dev/ceph-
# file: dev/ceph-
# owner: root
# group: disk
user::rw-
group::rw-
other::---
you can see the permissions revert back to root/disk from ceph/ceph.