Containers Without Root: Using Rootless Podman

In our webinar series, we introduced Podman, the successor to Docker, and demonstrated how easily you can set up a useful application with it. Below is a brief overview and some background context.

“Data scientist? Oh, so you work with computers. My printer isn’t working. Can you help me?”

“Data scientist” could easily be replaced with almost any IT role. If you have never heard something like this before, you have been lucky. And the printer is just a stand-in for all kinds of IT issues.

No bad intentions. People often need help setting something up on their computer or completing tasks online. That is understandable. My aunt makes the best apple pie in the world. She does not need to know her way around hidden Facebook settings. I am happy to help.

Still, it would often be more convenient to provide that help remotely, via a remote connection that is simple, fast, and does not consume too many system resources. TeamViewer is generally a good option, but not perfect. While there is a Linux client, the software is not open source. You cannot fully verify what happens behind the scenes, and some users have found their usage classified as commercial, requiring a paid license.

Open Source Alternative for Remote Access

An open source alternative would be ideal. Does one exist? Yes, of course.
We chose RustDesk. It is lightweight, resource-efficient, and open source, or more precisely freemium, with optional paid features that are not required for practical use. The developers also provide a Docker version.

That was a key factor for us. The application needed to run in a container. On the one hand, we generally work with containers. On the other, we wanted to avoid unnecessarily complex server setups where they are not needed.

Our setup is cloud-based. When we need remote access, we start the server, connect through it, and shut it down again once we are done. For this, we used a server from Hetzner.

Containers, Yes. Kubernetes Not Required

The next question was how best to implement this.
There are clear Docker instructions, but no officially supported Kubernetes manifest. That is fine. RustDesk is a great example of how not every containerized application needs a Kubernetes environment.

We opted for a lean, standalone container setup.

Why Podman Instead of Docker

Does it have to be Docker? Our answer is no.
There are alternatives and good reasons to use them. The criticisms of Docker are well known.

  • Daemon-based architecture
  • Potential use of root privileges where they are not necessary
  • A broad, sometimes overly complex feature set

Docker has enabled a lot, but other solutions have addressed these weaknesses more quickly. We have even seen cases where Docker failed to build an image from a Dockerfile, while Buildah handled it without issues. Not ideal, even if that issue has likely been resolved by now.

Rootless Containers with Podman

We chose Podman as one of the best solutions for container management. It is elegant, lightweight, runs without root privileges, and is fully compatible with Docker.

In fact, we know colleagues who handled the transition simply by using an alias. Typing docker actually runs podman. Commands, syntax, and capabilities remain effectively the same. At the user level, there is virtually no difference.

We tested it, installed and configured Podman, and everything worked smoothly. We were able to connect our systems via our own server, using our own SSH keys, without third-party dependencies, without excessive privileges, and without overengineering. With simple container tools, the setup was ready in minutes.

Reliable Across Platforms

Another advantage is that our setup ran on a Debian 12 server. Podman originates from Red Hat, so we expect strong support across the Linux ecosystem. One potential concern could be cross-platform usage, but in practice this was not an issue either.

Our Recommendation: whether you are fixing your aunt’s printer or adjusting someone’s Facebook settings, this setup offers a fast, secure, and controlled solution.

Of course, some setup is required for Podman to run smoothly. The solution also offers additional features that can make it even easier to use.

Want to Learn More?

Interested in these topics but do not want to wait?
We offer a Docker & container training program where we cover not only classic Docker scenarios but also alternatives like Podman in a hands-on way.

We look forward to having you, no matter which path you choose.

Gergely Szalay works as an IT consultant with a focus on Kubernetes. He has many years of experience in application support.