fix(docker): add netdata user to nvidia device group on non-Debian systems #21358
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
area/packaging
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes GPU monitoring on non-Debian systems by ensuring the netdata user has access to NVIDIA device files. On distributions like openSUSE, NVIDIA devices are restricted to a specific group (e.g., video) instead of being world-readable as on Debian/Ubuntu.
Key Changes:
- Added
add_netdata_to_nvidia_group()function to dynamically add netdata user to the NVIDIA device group - Function checks
/dev/nvidiactlownership and adds netdata to that group if it's not root-owned
Comments suppressed due to low confidence (1)
packaging/docker/run.sh:29
- Corrected spelling of 'apend' to 'append' in the usermod flag. This is an existing bug in the Proxmox function that should be fixed. The new nvidia function correctly uses '--append' on line 55.
if ! usermod --apend --groups "${group_guid}" "${DOCKER_USR}"; then
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
1 issue found across 1 file
Prompt for AI agents (all 1 issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="packaging/docker/run.sh">
<violation number="1" location="packaging/docker/run.sh:55">
`usermod` is called with the numeric GID instead of the group name, so adding the netdata user to the NVIDIA device group fails and GPU monitoring remains broken.</violation>
</file>
Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR
stelfrag
approved these changes
Nov 27, 2025
Merged
stelfrag
pushed a commit
to stelfrag/netdata
that referenced
this pull request
Dec 1, 2025
…stems (netdata#21358) (cherry picked from commit 5920582)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #21353
On Debian/Ubuntu, NVIDIA device files are world-readable (crw-rw-rw-), so netdata can access them without special permissions:
However, on some distributions like openSUSE Leap 15.6, these devices are owned by the video group with restricted permissions (crw-rw----):
This causes GPU monitoring to fail because the netdata user cannot access the device.
This PR adds the
netdatauser to the group that owns/dev/nvidiactl(if it's not root), following the same pattern used for Proxmox configuration files access.Test Plan
Additional Information
For users: How does this change affect me?
Summary by cubic
Ensure Netdata can access NVIDIA device files on non-Debian systems by adding the netdata user to the device’s group at container startup. Fixes broken GPU monitoring on distros where /dev/nvidiactl is group-restricted (e.g., openSUSE).
Written for commit 7a7d986. Summary will update automatically on new commits.