From de8c148a2f99db3a1dc4eb70a19aca19a0e9bacf Mon Sep 17 00:00:00 2001
From: Zac Dover <zac.dover@proton.me>
Date: Wed, 2 Jul 2025 22:29:48 +1000
Subject: [PATCH] doc/rados/ops: add caps restore command

Add a command that restores caps to client.admin after they have been
accidentally destroyed or removed.

Fixes: https://tracker.ceph.com/issues/23594

Signed-off-by: Zac Dover <zac.dover@proton.me>
---
 doc/rados/operations/user-management.rst | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/doc/rados/operations/user-management.rst b/doc/rados/operations/user-management.rst
index cd8e378fa9d2d..6a0eae9b54b32 100644
--- a/doc/rados/operations/user-management.rst
+++ b/doc/rados/operations/user-management.rst
@@ -336,6 +336,17 @@ The following entries describe valid capability profiles:
               with the manager ``crash`` module to upload daemon crash
               dumps into monitor storage for later analysis.
 
+.. important:: If you run the command ``ceph auth caps client.admin mgr
+   'allow*'``, you will remove necessary capabilities from ``client.admin``. To
+   repair this, run a command of the following form from within the
+   ``/var/lib/ceph/mon/<monitor_name>`` directory:
+
+      .. prompt:: bash #
+
+         ceph -n mon. --keyring keyring auth caps client.admin mds 'allow *' osd 'allow *' mon 'allow *'
+
+
+
 Pool
 ----
 
-- 
2.39.5