From 031e900c7d63781f6adbd987b1fb38296a9ccd2e Mon Sep 17 00:00:00 2001
From: Felix Prasse <1330854+flx5@users.noreply.github.com>
Date: Mon, 28 Apr 2025 21:05:41 +0200
Subject: [PATCH] doc: Update cephfs caps

When cephfs is used with encryption an exclusive lock is acquired. This
needs the execute permission on the metadata pool.

Fixes: #4728
Signed-off-by: Felix Prasse <1330854+flx5@users.noreply.github.com>
---
 docs/capabilities.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/capabilities.md b/docs/capabilities.md
index 00ca21472..fa8c695c5 100644
--- a/docs/capabilities.md
+++ b/docs/capabilities.md
@@ -28,7 +28,7 @@ capabilities:
 
 ```
 mgr "allow rw"
-osd "allow rw tag cephfs metadata=cephfs, allow rw tag cephfs data=cephfs"
+osd "allow rwx tag cephfs metadata=cephfs, allow rw tag cephfs data=cephfs"
 mds "allow r fsname=cephfs path=/volumes, allow rws fsname=cephfs path=/volumes/csi"
 mon "allow r fsname=cephfs"
 ```
@@ -63,7 +63,7 @@ FS_NAME=cephfs
 SUB_VOL=csi
 ceph auth get-or-create client.$USER \
   mgr "allow rw" \
-  osd "allow rw tag cephfs metadata=$FS_NAME, allow rw tag cephfs data=$FS_NAME" \
+  osd "allow rwx tag cephfs metadata=$FS_NAME, allow rw tag cephfs data=$FS_NAME" \
   mds "allow r fsname=$FS_NAME path=/volumes, allow rws fsname=$FS_NAME path=/volumes/$SUB_VOL" \
   mon "allow r fsname=$FS_NAME"
 ```