Rootless access to container created by root

[dj-mc]

I have a podman image running in a container created by root, and I want a non-root user to be able to use podman ps and podman exec -i to interact with said container, but the rootless user namespace feature prevents this. I've added sudoers.d rules to allow multiple non-root users to call podman as sudo, and added UIDs/GIDs values that the rootless mode help page asked for.

I get:
Error: creating events dirs: mkdir /run/user/512168508: permission denied
This used to work fine on docker before migrating to podman.

[rhatdan]

Docker only runs as root and allows rootless users to interact with the docker.sock if they are in the docker group. I wrote years ago that this was the most dangerous thing you can do on linux.

https://projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/

I would advise you to just allow users to run sudo podman exec -i or sudo podman ps. If you want the same feature as Docker you could add a podman group to the system and then add users to the podman group, finally configure podman.sock to run in rootful mode as 660 with root:podman. Note this will give everyone on the system full root access to the host.