I am moving from Docker to rootless podman and one thing that’s surprising to me is that podman can create files that my user is, seemingly, not allowed to even read, so I need root to back them up.

For example, this one created by the postgres service of immich:

-rw-------. 1 525286 525286 1.6K Oct 2 20:16 /var/home/railcar/immich/postgres/pg_stat_tmp/global.stat

Is this expected in general (not for immich in particular)? Is there a single solution to solve this or does it have to be built in the images? It really feels wrong that I can start a container that will create files I am not allowed to even read.

  • Thanks! It was a mounted volume in this case (just beside the location of the compose file), but it’s still good to know!

    • 6 months

      Ah, in that case you will probably need to go into the container to do the backup. I avoid mounted volumes.
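
An added example, not part of the thread: the numeric owner in the listing above comes from the user-namespace mapping rootless podman builds from /etc/subuid, and this sketch maps such a host UID back to the UID the process has inside the container. The function name, the `railcar:524288:65536` subuid entry and the user UID 1000 are assumptions made for illustration; only the owner UID 525286 comes from the post.

```shell
# Map a host UID seen on a file written by a rootless container back to the
# container-side UID. Default rootless mapping:
#   container UID 0        -> the invoking user's own UID
#   container UID 1..count -> subuid_start .. subuid_start+count-1
# Additional subuid ranges for the same user are appended in file order.
host_to_container_uid() {
    host_uid=$1; user=$2; user_uid=$3; subuid_file=$4

    # Files owned by the user on the host belong to root inside the container.
    if [ "$host_uid" -eq "$user_uid" ]; then
        echo 0
        return 0
    fi

    offset=1   # first container UID covered by the current subuid range
    while IFS=: read -r name start count; do
        # /etc/subuid entries may be keyed by user name or by numeric UID.
        [ "$name" = "$user" ] || [ "$name" = "$user_uid" ] || continue
        if [ "$host_uid" -ge "$start" ] && [ "$host_uid" -lt $((start + count)) ]; then
            echo $((host_uid - start + offset))
            return 0
        fi
        offset=$((offset + count))
    done < "$subuid_file"

    return 1   # UID is outside every range delegated to this user
}

# Constructed sample input: this subuid range is an assumption, not from the post.
sample=$(mktemp)
printf 'railcar:524288:65536\n' > "$sample"

# Owner UID taken from the ls line in the post; prints 999 with the assumed range.
host_to_container_uid 525286 railcar 1000 "$sample"
rm -f "$sample"
```

Running a backup command under `podman unshare` enters the same user namespace, where such files appear under their container-side owner and are readable by the namespace's root, so no host root is needed.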