Podman Tutorial: Installation, Usage, Commands, and Configuration
This comprehensive guide explains what Podman is, compares it with Docker, shows how to install and configure it on Linux, and provides detailed examples of common commands, container management, image handling, rootless operation, volume usage, and user namespace configuration.
Podman is an open‑source container runtime that works on most Linux platforms without requiring a daemon and can run without root privileges, offering Docker‑compatible commands while providing a different architecture.
The article compares Podman and Docker, highlighting key differences such as the absence of a daemon in Podman, its rootless operation, and its use of OCI runtimes like crun instead of runc.
Installation steps are shown for CentOS/RHEL using yum -y install podman, and optional components like crun, slirp4netns, and fuse-overlayfs are installed to enable rootless containers and better storage handling.
Common Podman commands are listed, for example:
podman run # create and start a container
podman start # start a container
podman ps # list containers
podman stop # stop a container
podman rm # remove a container
podman logs # view logs
podman inspect # inspect metadata
podman top # view processes inside a container
podman build # build an image
podman push # upload an image to a registry
Examples demonstrate pulling an image, running a container, checking its status, inspecting IP addresses, and viewing logs. The guide also shows how to build a custom Nginx image with a Dockerfile, tag it, log in to Docker Hub, and push the image.
Rootless operation requires configuring /etc/subuid and /etc/subgid, installing crun, and adjusting /usr/share/containers/containers.conf to set the default OCI runtime. Users must also enable user namespaces and set net.ipv4.ip_unprivileged_port_start if rootless containers need to bind privileged ports.
Volume usage is explained: mounting a host directory into a container with -v "$(pwd)"/data:/data, creating files inside the container, and observing ownership changes. The --userns=keep-id flag preserves host user IDs inside the container.
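The ownership changes seen on mounted volumes follow from the subordinate ID ranges configured for rootless operation. The script below is an added example, not code from the original article: it checks a subuid-format file for overlapping ranges (which would let one user's containers own another user's files) and computes the host UID behind a container UID under the default rootless mapping. The function names, user names and ranges are constructed, and it assumes one range per user.

```shell
#!/bin/sh
# Added example. Entry format per subuid(5): name:start:count

# Constructed sample data: carol's range overlaps bob's.
sample_subuid() {
    cat <<'EOF'
alice:100000:65536
bob:165536:65536
carol:200000:65536
EOF
}

# subid_overlaps FILE -> prints "userA userB" for every intersecting pair.
subid_overlaps() {
    awk -F: 'NF == 3 && $1 !~ /^#/ {
        n++; name[n] = $1; s[n] = $2 + 0; e[n] = $2 + $3 - 1
    }
    END {
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++)
                if (s[i] <= e[j] && s[j] <= e[i]) print name[i], name[j]
    }' "$1"
}

# host_uid FILE USER USER_UID CONTAINER_UID
# Default rootless mapping: container UID 0 is the user's own UID;
# container UIDs 1..count map to start..start+count-1.
host_uid() {
    awk -F: -v u="$2" -v uid="$3" -v c="$4" '
    $1 == u { start = $2 + 0; count = $3 + 0; found = 1 }
    END {
        c = c + 0
        if (c == 0) { print uid; exit }
        if (!found || c > count) { print "unmapped"; exit }
        print start + c - 1
    }' "$1"
}

f=$(mktemp) && sample_subuid > "$f"
subid_overlaps "$f"            # bob carol
host_uid "$f" alice 1000 0     # 1000
host_uid "$f" alice 1000 101   # 100100
rm -f "$f"
```

A file written by container UID 101 in alice's rootless container therefore shows up on the host as owned by UID 100100, while files written by container root belong to alice herself.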
Configuration files (containers.conf, storage.conf, registries.conf) are described, including how to set the storage driver to overlay and use fuse-overlayfs. Authentication details for registries are stored in auth.json.
Finally, the article notes that rootless users cannot see root’s images, and provides guidance for mapping ports above 1024 or adjusting the kernel parameter to allow lower ports.
Architecture Digest
Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.