Podman Tutorial: Overview, Differences from Docker, Common Commands, Installation, Configuration, and Usage

This article provides a comprehensive guide to Podman, covering its definition, key differences from Docker, essential CLI commands for containers and images, installation steps, registry accelerators, rootless operation, user namespace handling, volume usage, and configuration files for effective container management on Linux systems.

Top Architect

This guide introduces Podman, an open‑source container runtime that works on most Linux platforms without requiring a daemon or root privileges.

What Is Podman?

Podman can run any OCI‑compatible container or image and offers a Docker‑compatible command‑line interface while operating daemon‑less and optionally rootless.

Main Differences Between Podman and Docker

Docker relies on a root‑owned daemon (dockerd) and requires root privileges for many operations, creating security concerns.

Podman runs without a daemon and can operate without root, making its architecture simpler and more secure.

Docker uses a chain of daemons (dockerd → containerd → containerd‑shim → runc); Podman calls OCI runtimes directly (runc) and uses a per‑container conmon process similar to Docker’s containerd‑shim.

Common Podman Commands

Container Management

podman run          # Create and start a container
podman start        # Start a stopped container
podman ps           # List containers
podman stop         # Stop a container
podman restart      # Restart a container
podman attach       # Attach to a running container
podman exec         # Execute a command in a container
podman export       # Export a container's filesystem
podman import       # Import a container snapshot
podman rm           # Remove a container
podman logs         # View container logs

Image Management

podman search       # Search for images
podman pull         # Pull an image
podman images       # List images
podman rmi          # Remove an image
podman save         # Export an image
podman load         # Import an image
podman build        # Build an image from a Dockerfile
podman tag          # Tag an image

Installation

# yum -y install podman

Registry Accelerators (Mirrors)

Version 7 configuration example:

# vim /etc/containers/registries.conf
registries = ["docker.io"]
[[docker.io]]
location = "j3m2itm3.mirror.aliyuncs.com"

Version 8 configuration example:

unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"

Basic Usage Examples

Run an HTTPD container:

# podman run -d --name httpd docker.io/library/httpd
# podman images
REPOSITORY               TAG      IMAGE ID       CREATED       SIZE
docker.io/library/httpd   latest   ea28e1b82f31   11 days ago   148 MB

List running containers:

# podman ps
CONTAINER ID  IMAGE                     COMMAND               CREATED          STATUS               PORTS  NAMES
0492e405b9ec  docker.io/library/httpd   httpd-foreground    About a minute ago  Up About a minute ago        httpd

Inspect the latest container to view its IP address (rootless containers have no IP):

# podman inspect -l | grep IPAddress
"IPAddress": "10.88.0.5",
# curl 10.88.0.5
<html><body><h1>It works!</h1></body></html>

Rootless Operation and Port Mapping

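Rootless users cannot bind privileged ports (<1024) unless the kernel parameter net.ipv4.ip_unprivileged_port_start is lowered. The setting is host-wide, so after the change below any unprivileged process, not only Podman, can bind ports 80 and above: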

# echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
# sysctl -p
net.ipv4.ip_unprivileged_port_start = 80
# podman run -d -p 80:80 httpd   # now works for rootless users

User Namespace and Volume Sharing

Mount a host directory into a container and keep file ownership consistent by using --userns=keep-id:

# podman run -it -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh
# ls -l /data
-rw-r--r-- 1 zz zz 11 Dec 13 00:21 123

Configuration Files

Podman looks for containers.conf in the following locations, listed from highest to lowest priority (settings in a higher-priority file override those in a lower one):

~/.config/containers/containers.conf

/etc/containers/containers.conf

/usr/share/containers/containers.conf

Key files include containers.conf, storage.conf, and registries.conf. Example storage.conf snippet to use the overlay driver and fuse‑overlayfs:

# /etc/containers/storage.conf
[storage]
driver = "overlay"

# mount_program is a storage driver option, so it is set under [storage.options]
[storage.options]
mount_program = "/usr/bin/fuse-overlayfs"

Additional Topics

Rootless mode requires installing the supporting tools (crun, slirp4netns, fuse‑overlayfs) and configuring the subuid/subgid files so that user namespace mapping works properly.
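
The subuid/subgid requirement above can be checked before a user is given rootless access. The script below is an added example, not part of the original article or of Podman: it audits a file in the name:start:count format for a too-small allocation and for overlapping ranges, which would map two users' containers onto the same host IDs. The function names, the sample entries and the 65536 threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a subordinate-ID file (name:start:count per line).

# Constructed sample data, not taken from a real host.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# user:first_id:count
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:300000:1000
EOF

# subid_count FILE USER: print how many subordinate IDs USER owns (0 if none).
subid_count() {
    awk -F: -v u="$2" '$1 == u { n += $3 } END { print n + 0 }' "$1"
}

# subid_overlaps FILE: print "nameA nameB" for every pair of intersecting ranges.
subid_overlaps() {
    awk -F: '
        BEGIN { n = 0 }
        $1 !~ /^#/ && NF == 3 { name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1; n++ }
        END {
            for (i = 0; i < n; i++)
                for (j = i + 1; j < n; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i]) print name[i], name[j]
        }' "$1"
}

# audit_subid FILE USER: return 0 only if USER has at least MIN_IDS
# (assumed threshold: the conventional 65536) and no ranges in FILE overlap.
MIN_IDS=65536
audit_subid() {
    rc=0
    count=$(subid_count "$1" "$2")
    if [ "$count" -lt "$MIN_IDS" ]; then
        echo "WARN: $2 has $count subordinate IDs in $1, want >= $MIN_IDS"
        rc=1
    fi
    overlaps=$(subid_overlaps "$1")
    if [ -n "$overlaps" ]; then
        printf 'WARN: overlapping ranges in %s:\n%s\n' "$1" "$overlaps"
        rc=1
    fi
    return "$rc"
}

audit_subid "$SAMPLE" dave || true
```

On a real host, call audit_subid with /etc/subuid and then /etc/subgid for the account that will run rootless containers.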

Overall, Podman provides Docker‑compatible functionality while eliminating the need for a privileged daemon, supporting rootless operation, and offering flexible configuration for modern cloud‑native workflows.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
