diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index e8856a5d120f6..946e44abd236f 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -421,6 +421,11 @@ int Monitor::do_admin_command(
     cmd_getval(cmdmap, "devid", want_devid);
 
     string devname = store->get_devname();
+    if (devname.empty()) {
+      err << "could not determine device name for " << store->get_path();
+      r = -ENOENT;
+      goto abort;
+    }
     set<string> devnames;
     get_raw_devices(devname, &devnames);
     json_spirit::mObject json_map;
diff --git a/src/mon/MonitorDBStore.h b/src/mon/MonitorDBStore.h
index 515a047279781..c33d35e486d44 100644
--- a/src/mon/MonitorDBStore.h
+++ b/src/mon/MonitorDBStore.h
@@ -57,6 +57,10 @@ class MonitorDBStore
     return devname;
   }
 
+  std::string get_path() {
+    return path;
+  }
+
   std::shared_ptr<PriorityCache::PriCache> get_priority_cache() const {
     return db->get_priority_cache();
   }
diff --git a/systemd/ceph-mon@.service.in b/systemd/ceph-mon@.service.in
index b7c92f278e345..2eba83c3cc9bc 100644
--- a/systemd/ceph-mon@.service.in
+++ b/systemd/ceph-mon@.service.in
@@ -20,7 +20,10 @@ LockPersonality=true
 MemoryDenyWriteExecute=true
 # Need NewPrivileges via `sudo smartctl`
 NoNewPrivileges=false
-PrivateDevices=yes
+# We need access to block devices to check the health of the disk backing the
+# monitor DB store. It can be set to `true` if you're not interested in that
+# feature.
+PrivateDevices=false
 PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true