Comment 2 for bug 1767087

This is a bit of a race between ceph-volume and udev - if I force the perms to be correct by starting the ceph-volume systemd unit for an OSD:

$ getfacl /dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193
# file: dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193
# owner: ceph
# group: ceph
user::rw-
group::rw-
other::---

then re-trigger udev events for block devices:

$ udevadm trigger --subsystem-match=block --action=add
$ getfacl /dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193
# file: dev/ceph-4a94b8ca-bc68-4ac6-a5ec-dc10549af193/osd-block-4a94b8ca-bc68-4ac6-a5ec-dc10549af193
# owner: root
# group: disk
user::rw-
group::rw-
other::---

you can see the permissions revert back to root/disk from ceph/ceph.