cephadm/smb: Bind mount /run with 0755

The host side 'run' directory under /var/lib/ceph/<fsid>/<svc_dir> bind
mounted into SMB containers is created with mode 0770, preventing any
non owner processes from accessing unix domain sockets or named pipes
under /run. This breaks smbd to winbindd communication, causing SID to
name resolution failures for AD joined deployments. Therefore change
permissions to 0755 to match standard /run semantics.

Fixes: https://tracker.ceph.com/issues/77120
Signed-off-by: Anoop C S <anoopcs@cryptolab.net>

diff --git a/src/cephadm/cephadmlib/daemons/smb.py b/src/cephadm/cephadmlib/daemons/smb.py
index 0ebb37653d6ab74cd219795fa9ef4ebf9025b130..3026d6530b7d468e0b89162d4bc63f9fc7995ae5 100644 (file)
--- a/src/cephadm/cephadmlib/daemons/smb.py
+++ b/src/cephadm/cephadmlib/daemons/smb.py
@@ -1055,7 +1055,7 @@ class SMB(ContainerDaemonForm):
         etc_samba_ctr = ddir / 'etc-samba-container'
         file_utils.makedirs(etc_samba_ctr, uid, gid, 0o770)
         file_utils.makedirs(ddir / 'lib-samba', uid, gid, 0o755)
-        file_utils.makedirs(ddir / 'run', uid, gid, 0o770)
+        file_utils.makedirs(ddir / 'run', uid, gid, 0o755)
         if self._files:
             file_utils.populate_files(data_dir, self._files, uid, gid)
         if self._tls_files: