Appreciation post, and an important tip for newbies

Hi team - thank you so much for the amazing image for running containers.

I moved to Linux as my daily driver this year after I was lucky enough to stumble across Aurora. It just made so much sense to me as a newbie. After playing with that for a few months, I wanted to set up a server to run some services from home.

My appreciation:

UCore is set up so well for beginners, with everything I have needed already installed. And the best thing from a noob perspective … I can’t screw it up.

I see posts all the time in other Linux forums and reddit, where some beginner has installed this or that service and suddenly nothing works. I can’t tell you how relaxing it is as a beginner to be using this, knowing that the hard work is already done for me and it’s just going to keep working and stay up to date. (And that my root partition is immutable and cannot be messed with by me :wink: )

Newbie tip for Podman volume permissions

If you simply copy in a docker-compose.yml file and start a container, most of the time you’ll find that the volumes are set up with some random UID and group ID, and you can’t access them from your core user account. This is something to do with rootless Podman and possibly SELinux.

It took me some days to figure out how to fix this, and I think writing it down will help other beginners at the start.

There are three ways to solve this. I’m too much of a beginner to understand why exactly some of these do work or don’t work some of the time, but if you try the three options in order, one of them will fix it. It’s something to do with how the container image is created - some containers work one way, some work another way.

Required

This one is required for anything running in Podman rootless. All of your volumes should be created with :Z at the end of the volume line:

volumes:
  - ./config:/app/config:Z

From the docs, this tells rootless Podman to “label the content with a private unshared label. Only the current container can use a private volume.”

Most of the time that will get your volumes created with your current UID/GID.

Option 1

If that doesn’t work, you can add in a .env file with the keep-id option:

export PODMAN_USERNS=keep-id

You can’t add that option into your docker-compose.yml file, as it conflicts with Podman’s --pod option. It needs to be in your environment file.

Option 2

I think some containers require the user inside the container to be root. If the above two steps don’t work, try this one.

In your docker-compose.yml file:

services:
  some_container:
    user: "0:0"

This tells the container to run as root inside it. Then you need to map your UID/GID to the container’s root ID.

In your .env file (same folder as your docker-compose file):

export PODMAN_USERNS=keep-id:uid=0,gid=0

It’s important to note that the UID and GID there are going to be the ID inside the container - not your own UID/GID.
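Two checks that go with the steps above, written as an added example (this is my script, not something from the UCore or Podman projects, and the compose snippets inside it are made up for the demo). The first function scans a compose file and lists every bind-mount volume line that is missing the :Z (or :z) option from the "Required" step. The second function explains the ownership mystery from "Option 1" and "Option 2": in default rootless Podman your own UID is mapped to root (UID 0) inside the container and every other container UID lands in your /etc/subuid range, which is why files written by a non-root container user show up on the host as a large, unowned-looking ID. keep-id moves your UID to the same number inside the container, and keep-id:uid=0,gid=0 moves it to the container's root, so files created by that container UID come out owned by you. The script does not need Podman installed; it only reasons about the settings.

```shell
#!/bin/sh
# Added example, not from the original post: lint compose volumes for the
# :Z/:z SELinux relabel option and predict who will own files on the host
# for a given PODMAN_USERNS value.

# Constructed sample compose file (image name is a placeholder).
SAMPLE_COMPOSE='services:
  some_container:
    image: example/app:latest
    user: "0:0"
    volumes:
      - ./config:/app/config:Z
      - ./data:/app/data
      - ./cache:/app/cache:ro
      - named_vol:/var/lib/app
volumes:
  named_vol: {}
'

# Constructed sample where every bind mount is labelled (z shares the label
# between containers, Z keeps it private to one container).
GOOD_COMPOSE='services:
  app:
    image: example/app:latest
    volumes:
      - ./config:/app/config:Z
      - ./data:/app/data:z,ro
'

# lint_volumes COMPOSE_TEXT
# Prints each bind-mount volume entry (source starting with . or /) whose
# option list lacks Z or z. Named volumes are skipped because relabeling is
# only relevant for host directories. Returns 0 when nothing is missing.
lint_volumes() {
    printf '%s\n' "$1" | awk '
        { match($0, /^[[:space:]]*/); ind = RLENGTH }
        /^[[:space:]]*volumes:[[:space:]]*$/ { in_vol = 1; vol_ind = ind; next }
        in_vol && ind <= vol_ind { in_vol = 0 }
        in_vol && /^[[:space:]]*-[[:space:]]*/ {
            line = $0
            sub(/^[[:space:]]*-[[:space:]]*/, "", line)   # drop the list dash
            sub(/[[:space:]]*#.*$/, "", line)             # drop inline comments
            gsub(/"/, "", line)                            # drop quotes
            n = split(line, parts, ":")
            src = parts[1]
            first = substr(src, 1, 1)
            if (first != "." && first != "/") next         # named volume
            opts = (n >= 3) ? parts[3] : ""
            if (opts !~ /(^|,)[Zz](,|$)/) {
                print "missing :Z -> " line
                bad++
            }
        }
        END { exit (bad > 0) ? 1 : 0 }
    '
}

# count_unlabelled COMPOSE_TEXT  -> number of offending volume lines
count_unlabelled() {
    lint_volumes "$1" | wc -l | tr -d ' '
}

# host_owner_of USERNS_VALUE HOST_UID CONTAINER_UID
# Prints HOST_UID when a file created by CONTAINER_UID will be owned by your
# account on the host, or "subuid" when it maps into the /etc/subuid range
# (the "random UID" the post describes). USERNS_VALUE is what you would put
# in PODMAN_USERNS; an empty value means the rootless default.
host_owner_of() {
    userns=$1; host_uid=$2; cuid=$3
    case "$userns" in
        "")        mapped_cuid=0 ;;         # default: you are root inside
        keep-id)   mapped_cuid=$host_uid ;; # your UID keeps its number
        keep-id:*)                           # keep-id:uid=N[,gid=M]
            mapped_cuid=$(printf '%s' "$userns" | sed -n 's/^keep-id:.*uid=\([0-9][0-9]*\).*$/\1/p')
            [ -n "$mapped_cuid" ] || mapped_cuid=$host_uid ;;
        *)         printf 'unsupported\n'; return 2 ;;
    esac
    if [ "$cuid" = "$mapped_cuid" ]; then
        printf '%s\n' "$host_uid"
    else
        printf 'subuid\n'
    fi
}

# Demo run on the constructed samples.
if lint_volumes "$SAMPLE_COMPOSE"; then
    echo "all bind mounts carry :Z"
else
    echo "some bind mounts are missing :Z (see lines above)"
fi
for cuid in 0 1000; do
    printf 'PODMAN_USERNS=keep-id:uid=0,gid=0, container uid %s -> host owner %s\n' \
        "$cuid" "$(host_owner_of "keep-id:uid=0,gid=0" 1000 "$cuid")"
done
```

Run it with `sh lint.sh` (any file name) to see the demo; to lint your own file, call `lint_volumes "$(cat docker-compose.yml)"`. Two caveats worth knowing before adding :Z everywhere: only put it on directories that belong to your containers, never on something like your whole home directory or a system path, because Podman really does relabel the files and other programs on the host can lose access to them; and if two containers share one directory, use :z (lowercase) so they both get a label they can use.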

Done!

That’s it. Hopefully the above tips will save you from the few days of frustration that I went through trying to understand why rootless Podman containers never seemed to get the file permissions correct :slight_smile: