I don't run MicroOS myself so take this with a grain of salt. But this is usually how I do it, though there might be a better practice out there for this too.

Afaik, MicroOS by the sound of it, only ships with root by default, but rootless Podman should definitely be possible.

Normally, you need to set up user namespace mappings for your non-root user. Run these commands as root:

usermod --add-subuids 100000-165535 <yourusername>
usermod --add-subgids 100000-165535 <yourusername>

Then check they're set up with:

grep <yourusername> /etc/subuid
grep <yourusername> /etc/subgid

This should give your regular user the ability to map container UIDs without needing root privileges. After that, Podman should work fine as your regular user.

Hope this helps a little 👍

I do this on the minimal Debian release which is essentially coming from the same place, you're left to get things configured with a root user or maybe a privileged user after install. There's a few things to tweak for rootless podman and it will vary based on the distro. The gist for me and Debian is:

1. make an unprivileged account for running podman containers
2. enable linger so i can use systemd with this account and the running of the containers
3. allow lower ports for podman rootless in sysctl (for example, 80 if you're running basic http services rootless), net.ipv4.ip_unprivileged_port_start=<start of lower range of ports rootless containers will use>
4. run containers with the appropriate --userns flags. This can vary a lot depending on the container. Some maintainers are nice and ensure the internal uid/gid is something expected like 1000, sometimes not and you have to fire it up and figure out the app account name, uid/gid. An example I'll put here is a podman run snippet for running jenkins (official image from cloudbees) rootless:

podman run --name jenkins --user jenkins --userns=keep-id:uid=1000,gid=1000 ...

Again, that's just Debian, never tried MicroOS, but if MicroOS isn't doing anything special to accommodate rootless podman I imagine these steps are somewhat applicable. One issue I ran into was with an older version of Podman, whatever comes with Ubuntu 22: That version of podman requires you to set the namespace mappings; Debian 12's version does not and the --userns=keep... flag just works.

i try to make a new non-root user, but podman just keeps complaining about privileges when i run it under that user.

If you're asking for help about an error message, then provide the error message rather than describing it in vague terms. There are many privileges it could be complaining about.

While this would not answer your question, but according to podman maintainers, rootful podman with userns=auto enjoys nearly as much security benefits as rootless. (As always, there are nuances to this)

Check out https://github.com/containers/podman/discussions/13728

Maybe you could consider running rootful podman, especially if the OS is immutable.

I suggest you read some guides about podman and rootless containers.

Here is my experience albeit on a different Linux: https://wiki.gardiol.org/doku.php?id=gentoo%3Acontainers