this post was submitted on 09 Jan 2026
6 points (75.0% liked)

Selfhosted

54368 readers
1120 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
6
Podman Linkding Issues (sopuli.xyz)
submitted 16 hours ago* (last edited 15 hours ago) by theorangeninja@sopuli.xyz to c/selfhosted@lemmy.world
9 comments fedilink hide all child comments
 

Hello everyone,

I am currently trying to transition from docker-compose to podman-compose before trying out podman quadlets eventually. The first couple containers work great but today I tried Linkding and I run into a weird error.

Linkding can't access the data directory because the permission gets denied. After inspecting the container all the directories inside belong to root. But podman runs rootless so that must be the issues. I tried to change the owner of the data directory on the host to root but then the data directory in the container belongs to nobody and nogroup (?). After checking the environment variable documentation of Linkding it seems like there is no environment variable for a UID and GID.

I think I have a fundamental misunderstanding how rootfull and rootless containers work so I would be very grateful if anybody could point me in the right direction on where to get a solution for this problem or anybody had success running Linkding rootless.

Thanks a lot in advance!

Edit:

I used named volumes because that's what the dev used in the example compose file. Now I tried to use named volumes instead and now everything seems to work fine. No error in the logs and the web ui is accessible.

top 9 comments
sorted by: hot top controversial new old
[–] GreenKnight23@lemmy.world 1 points 51 minutes ago (1 children)

question, why would you leave docker for podman?

[–] apftwb@lemmy.world 1 points 26 minutes ago* (last edited 25 minutes ago)

Podman doesn't need a daemon running as root. If a container gets compromised and gets control of the container process, they won't have root access outside of the container.

[–] kumi@feddit.online 2 points 9 hours ago

I am currently trying to transition from docker-compose to podman-compose before trying out podman quadlets eventually.

Just FYI and not related to your problem, you can run docker-compose with podman engine. You don't need docker engine installed for this. If podman-compose is set up properly, this is what it does for you anyway. If not, it falls back to an incomplete Python hack. Might as well cut out the middle-man.

systemctl --user enable --now podman  
DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/podman/podman.sock docker-compose up
[–] pogodem0n@lemmy.world 2 points 11 hours ago

I usually set :Z at the end of volume mounts and it fixes the permission issues. Now that I think about it, all my Quadlets are using this option.

[–] Mora@pawb.social 2 points 15 hours ago (1 children)

Which system are you using? SELinux/AppArmot active? Can you share your compose? There are manyavariables at play here.

Other than that: Setting UID/GID via environmental variable is usually wrong, mostly from a design perspective of the container. There is a user directive during build as well as during deploy to use for that.

From a quick look at the docker file it does look like the user you use to run linkding needs to be in the root group.

BUT rootless podman maps the root user (usually to your user ID) to so the root user inside the container has not the same ID as the one outside. So I would suggest setting the permissions of the volume to your user for now.

Another way to figure out which user to use: just start a new/clean instance of the service and look at the new volumes.

[–] theorangeninja@sopuli.xyz 1 points 15 hours ago (1 children)

I tried to use named volumes and now everything works fine, weird.

[–] kumi@feddit.online 1 points 10 hours ago* (last edited 10 hours ago)

I think Mora is on the ball but we'd need their questions answered to know.

One possibility is that you have SELinux enabled. Check by sudo getenforce. The podman manpage explains a bit about labels and shares for mounts. Read up on :z and :Z and see if appending either to the volumes in your compose file unlocks it.

If running rootless, your host user also obviously needs be able to access it.

[–] db_geek@norden.social 1 points 16 hours ago (1 children)

@theorangeninja Rootless podman container and owner of created files - always a mystery.
Maybe, the part belonging to "Using volumes" could help:
https://github.com/containers/podman/blob/main/docs/tutorials/rootless/_tutorial.md
If the container process is running with another UID than 0 (root), created files on the host belongs to another UID, calculated based on settings from /etc/suduid.
You should have a look into --userns for mapping of UIDs between container and host:
https://docs.podman.io/en/latest/markdown/podman-run.1.html
For PostgreSQL I'm using keep-id:uid=999,gid=999.

[–] theorangeninja@sopuli.xyz 1 points 15 hours ago

I went on and tried something else and when using named volumes (the dev uses bind mounts in his compose file) everything works without errors.