-
Imagine a container with multiple services which run under different users inside the container (e.g. mysql, apache, some random apps...). Each of these services requires a persistent volume. When the container is run in rootless mode, the host user running the container will not have permission to traverse inside the volumes from the host system (e.g. .local/share/containers/storage/volumes/container/_data), because the owner of this directory on the host will be mapped to some number like 427780. I can use UserNs keep-id to map the host user to a single user inside the container, but is there a way to map ALL the users inside the container to the same host user? Or is there another way to ensure that the volume directories on the host will have the user running the container as the owner?
Replies: 2 comments
-
No, you cannot. ID mappings are always 1 to 1; this is given by the kernel and not something that can be changed.
-
The user on the host can do a podman unshare to enter the User Namespace and then has the ability to manipulate the different directories.
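An added example (not part of the discussion above) that works out the one-to-one mapping behind the odd owner numbers the question describes: rootless podman maps container UID 0 to the host user's own UID and container UIDs 1..count to that user's /etc/subuid range. The /etc/subuid content, the user name alice, her host UID 1000 and the container UID 27 are all constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret the owner UID shown on a rootless podman volume
# directory from the host, using the default rootless UID mapping:
#   container UID 0        -> the host user's own UID
#   container UID 1..count -> subuid start .. start+count-1 (one-to-one)
# An /etc/subuid line has the form  user:start:count

# Constructed sample of /etc/subuid (not read from the real system file)
SUBUID_SAMPLE="alice:100000:65536
bob:165536:65536"

# subuid_range USER  -> prints "start count" for USER from SUBUID_SAMPLE
subuid_range() {
    printf '%s\n' "$SUBUID_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $2, $3; exit }'
}

# container_to_host_uid HOST_UID SUBUID_START SUBUID_COUNT CONTAINER_UID
# Prints the host UID that owns a file created by CONTAINER_UID in the container.
container_to_host_uid() {
    host_uid=$1; start=$2; count=$3; cuid=$4
    if [ "$cuid" -eq 0 ]; then
        echo "$host_uid"                 # root inside the container is the host user
    elif [ "$cuid" -ge 1 ] && [ "$cuid" -le "$count" ]; then
        echo $((start + cuid - 1))       # taken from the subordinate range
    else
        return 1                         # not mapped at all: cannot own files
    fi
}

# host_to_container_uid HOST_UID SUBUID_START SUBUID_COUNT OWNER_UID
# Inverse: given the owner `ls -n` shows on the host, which container UID made it?
host_to_container_uid() {
    host_uid=$1; start=$2; count=$3; owner=$4
    if [ "$owner" -eq "$host_uid" ]; then
        echo 0
    elif [ "$owner" -ge "$start" ] && [ "$owner" -lt $((start + count)) ]; then
        echo $((owner - start + 1))
    else
        return 1                         # owner lies outside this user's namespace
    fi
}

# Example: alice (host UID 1000) runs a container whose mysql user is UID 27.
# set -- $(subuid_range alice)
# container_to_host_uid 1000 "$1" "$2" 27    # prints 100026
```

Once the owner is understood this way, the directory is still only reachable from inside the namespace, which is exactly what `podman unshare` provides for the host user.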