How does podman behave when using sudo vs not using sudo

Question

I'm running podman 2.0.5 on RHEL8 and I'm puzzled by how it works when invoking a command by using sudo vs not using sudo. Especially confusing is when I ran port mapping and trying to expose a port through the host. Using sudo podman run -p 8080:8080 <pod-name> I was able to curl through localhost:8080 but trying the ip:8080 wouldn't work. If I dropped sudo from the command it mapped the port as expected and I could connect from the outside through the ip address. You would think that using sudo would allow greater connectivity not the other way around.

Also, I am confused by using sudo to build images vs not using sudo. When you build with sudo it goes to one registry and when you don't it goes to another registry. I see blogs/articles about using podman with root/rootless commands but I don't really understand how (or why) things are going to different places, or have different visibility to the user based on using sudo.

If I elevate to root using sudo su and try to run podman, the (podman) command isn't recognized at all ('command not found'). Can someone explain a bit what is going on here? Is this a feature or a bug?

Answer 1

sudo runs the command with root privileges, so sudo podman will access the user's local container storage directory.

When you elevate into a shell you basically logged in as root, and will see root's shell environment.

kim@vnv ~
$ sudo /bin/bash -c "echo $HOME"
/home/kim
kim@vnv ~
$ sudo /bin/bash 
[vnv kim]# echo $HOME
/root