From: Anoop C S <anoopcs@cryptolab.net>
Date: Thu, 4 Jun 2026 12:40:46 +0000 (+0530)
Subject: cephadm/smb: Bind mount /run with 0755
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c0fda141e7cdda63c0498fda78c7250cbf3e6374;p=ceph.git

cephadm/smb: Bind mount /run with 0755

The host side 'run' directory under /var/lib/ceph/<fsid>/<svc_dir> bind
mounted into SMB containers is created with mode 0770, preventing any
non owner processes from accessing unix domain sockets or named pipes
under /run. This breaks smbd to winbindd communication, causing SID to
name resolution failures for AD joined deployments. Therefore change
permissions to 0755 to match standard /run semantics.

Fixes: https://tracker.ceph.com/issues/77120
Signed-off-by: Anoop C S <anoopcs@cryptolab.net>
---

diff --git a/src/cephadm/cephadmlib/daemons/smb.py b/src/cephadm/cephadmlib/daemons/smb.py
index 0ebb37653d6..3026d6530b7 100644
--- a/src/cephadm/cephadmlib/daemons/smb.py
+++ b/src/cephadm/cephadmlib/daemons/smb.py
@@ -1055,7 +1055,7 @@ class SMB(ContainerDaemonForm):
         etc_samba_ctr = ddir / 'etc-samba-container'
         file_utils.makedirs(etc_samba_ctr, uid, gid, 0o770)
         file_utils.makedirs(ddir / 'lib-samba', uid, gid, 0o755)
-        file_utils.makedirs(ddir / 'run', uid, gid, 0o770)
+        file_utils.makedirs(ddir / 'run', uid, gid, 0o755)
         if self._files:
             file_utils.populate_files(data_dir, self._files, uid, gid)
         if self._tls_files: