Last active
January 30, 2026 11:05
Rootless Podman automatically adjusts the permissions on volumes when using `--userns=keep-id`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
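#!/usr/bin/env bash
# Demonstrates that rootless Podman with `--userns=keep-id` makes files on a
# mounted named volume accessible to a non-root container user.
#
# Steps:
#   1. Build a throwaway image with an extra user `ci`.
#   2. As the container's root, create file `A` (mode 700) on volume `test-vol`.
#   3. As `ci` with the default user-namespace mapping: reading `A` fails.
#   4. As `ci` with `--userns=keep-id:uid=<ci>,gid=<ci>`: reading `A` works.
#
# NOTE(review): in rootless mode container root is the invoking host user, and
# keep-id maps that same host user onto `ci`. The 700 mode therefore does not
# separate these two container identities: whoever can start a container with
# keep-id on this volume gets the host user's access to its contents.
#
# Requires: podman (the uid=/gid= options of keep-id need a Podman version
# that supports them). The volume `test-vol` is left in place afterwards.
set -eu -o pipefail

# Ask podman directly instead of piping through yq/grep: with the pipeline, a
# missing `yq` or a failing `podman info` was reported as "ROOTFUL".
rootless=$(podman info --format '{{.Host.Security.Rootless}}')
if [[ "${rootless}" == "true" ]]; then
  echo "--> Your are running ROOTLESS podman."
else
  # NOTE(review): keep-id is a rootless feature; the last step is expected to
  # fail when this branch is taken.
  echo "--> Your are running ROOTFUL podman."
fi

# No context directory is passed, so podman uses the current directory as the
# build context. Run this from a directory that holds nothing sensitive.
# The heredoc delimiter is quoted so the Containerfile is passed through
# literally, without shell expansion.
podman build --no-cache -t "test:latest" -f <(
  cat <<'EOF'
FROM ubuntu:latest
# Create user and group ci
RUN useradd -d /home/ci -U ci
RUN echo "Groups:" && cat /etc/group | tail -1
RUN echo "Passwd:" && cat /etc/passwd | tail -1
EOF
)

# `ubuntu:latest` is a mutable tag and the UID that useradd hands out depends
# on which users the base image already ships, so read the real ids from the
# image instead of assuming 1001. No `-t` here: a TTY would append a carriage
# return to the captured value.
ci_uid=$(podman run --rm test:latest id -u ci)
ci_gid=$(podman run --rm test:latest id -g ci)
if [[ ! "${ci_uid}" =~ ^[0-9]+$ || ! "${ci_gid}" =~ ^[0-9]+$ ]]; then
  echo "could not determine uid/gid of user 'ci' in test:latest" >&2
  exit 1
fi

echo
echo "--> Create root files."
# Runs as the container's root user; `A` is readable by its owner only.
podman run --rm -it -v test-vol:/work \
  -w /work test:latest bash -c "echo 'Bingo it works!' > A && chmod 700 A && ls -aln A"

echo
echo "--> List files as user 'ci' does not work when not run with keep-id."
# Failure is the expected outcome here, so it must not abort the script.
podman run --rm -it \
  --user ci \
  -v test-vol:/work \
  -w /work test:latest bash -c 'echo User: $(id) && ls -aln A && cat A' || true

echo
echo "--> List files as user 'ci' with 'keep-id'."
podman run --rm -it --userns="keep-id:uid=${ci_uid},gid=${ci_gid}" \
  --user ci \
  -v test-vol:/work \
  -w /work test:latest bash -c 'echo User: $(id) && ls -aln A && cat A'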