this post was submitted on 02 Oct 2025
27 points (100.0% liked)

Selfhosted

60707 readers
645 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I am moving from Docker to rootless podman and one thing that's surprising to me is that podman can create files that my user is, seemingly, not allowed to even read, so I need root to backup them.

For example, this one created by the postgres service of immich:

-rw-------. 1 525286 525286 1.6K Oct 2 20:16 /var/home/railcar/immich/postgres/pg_stat_tmp/global.stat

Is this expected in general (not for immich in particular)? Is there a single solution to solve this of does it have to be built in the images? It really feels wrong that I can start a container that will create files I am not allowed to even read.

you are viewing a single comment's thread
view the rest of the comments
[–] Botzo@lemmy.world 1 points 9 months ago

It seems like the only time I encounter this oddness is when some upstream docker image maintainer has done a weird with users (I once went 3 image levels up to figure out what happened).

Or if I borrow a dockerfile and don't strip out the "nonroot" user hacks that got popularized years ago.