This is a simple example of how to use Podman to create a container which runs as a user.
Install podman (assumes DNF but you can work it out for any other package manager).
dnf install podman
Add some UIDs and GIDs for the user to utilise in podman. Here we push the UID/GID to something very high to ensure no overlap.
usermod --add-subuids 1000000000-1000999999 znxster
usermod --add-subgids 1000000000-1000999999 znxster
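Whether the chosen range really avoids overlap can be checked against what is already allocated. The following is an added example, not part of the original walkthrough: it reads entries in the /etc/subuid and /etc/subgid format (name:start:count) and reports ranges of different users that overlap. The function name subid_overlaps and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# subid_overlaps [FILE...]
# Reads name:start:count lines (the /etc/subuid and /etc/subgid format) from
# the given files, or from stdin when no file is given. Each entry covers
# start .. start+count-1. Prints one line per overlapping pair owned by
# different names. Returns 0 when nothing overlaps, 1 otherwise.
subid_overlaps() {
    awk -F: '
        # Keep only well-formed entries with a positive count.
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            n++
            name[n] = $1
            lo[n] = $2 + 0
            hi[n] = $2 + $3 - 1
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    # Two closed intervals overlap when each starts
                    # before the other one ends.
                    if (name[i] != name[j] && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "%s %.0f-%.0f overlaps %s %.0f-%.0f\n", \
                            name[i], lo[i], hi[i], name[j], lo[j], hi[j]
                        bad = 1
                    }
            exit (bad ? 1 : 0)
        }' "$@"
}

# Constructed sample entries, not real data. The znxster line is what the
# usermod range 1000000000-1000999999 above produces.
sample_ok='alice:100000:65536
znxster:1000000000:1000000'

# Same as above plus a constructed entry for bob that runs into alice.
sample_bad='alice:100000:65536
bob:165000:65536
znxster:1000000000:1000000'

printf '%s\n' "$sample_ok" | subid_overlaps && echo "sample_ok: no overlap"
printf '%s\n' "$sample_bad" | subid_overlaps || echo "sample_bad: overlap found"
```

On a real host, run subid_overlaps /etc/subuid and subid_overlaps /etc/subgid after the usermod commands.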
Prepare the user account by enabling linger. This will spawn a user manager at boot which allows services to run when users aren’t logged in.
loginctl enable-linger znxster
Now we can log in as the user and create our container.
As we modified subuid/subgid we should migrate podman to ensure that the userspace environment is up-to-date (this will also update existing containers).
podman system migrate
Create this directory to store our container unit files for systemd to use.
mkdir -p ~/.config/containers/systemd/
We will run a postgres database as an example.
Create a directory to store the data in, this will be mapped as a volume.
mkdir ~/postgres-data
We can use a podman secret to store the password.
printf "my_safe_password" | podman secret create postgres-pass -
Now create the container unit file: edit the file ~/.config/containers/systemd/postgres.container with this content.
[Unit]
Description=My Postgres Container
[Container]
Image=docker.io/library/postgres:latest
Volume=%h/postgres-data:/var/lib/postgresql/data:Z
PublishPort=5432:5432
Environment=POSTGRES_USER=postgres
Secret=postgres-pass,type=env,target=POSTGRES_PASSWORD
[Service]
Restart=always
[Install]
WantedBy=default.target
Check out the documentation for many more options available.
Now reload the systemd daemon to cause it to discover this file.
systemctl --user daemon-reload
systemctl --user status postgres
It can also be useful to manually test with the systemd-generator (known as quadlet) to see if there are issues with your container file.
/usr/lib/systemd/system-generators/podman-system-generator --user --dryrun
This will output any error.
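You can start and stop the service with the standard systemctl commands. The generated unit cannot be enabled with systemctl enable; the [Install] section in the .container file already takes care of starting it with the user manager.
systemctl --user start postgres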
Now you can connect to postgres on port 5432 as normal.
psql -h localhost -U postgres
Password for user postgres:
postgres=#