I am moving from Docker to rootless podman and one thing that’s surprising to me is that podman can create files that my user is, seemingly, not allowed to even read, so I need root to backup them.
For example, this one created by the postgres service of immich:
-rw-------. 1 525286 525286 1.6K Oct 2 20:16 /var/home/railcar/immich/postgres/pg_stat_tmp/global.stat
Is this expected in general (not for immich in particular)? Is there a single solution to solve this of does it have to be built in the images? It really feels wrong that I can start a container that will create files I am not allowed to even read.
Sounds legit to me. Padman could be seen as a separate Unix system or the programs to live in, and therefore would have its own set of user and group IDs. As long as the created files have permissions that are different from The host permissions and they will still be inaccessible without some permission manipulation.