Thanks for your response. I was under the impression that the UID of a user within a container matches that which it runs under in the host machine. It sounds like that is not the case.
From what I've read, the user running a container really starts to matter when the container is given access to the filesystem (using a volume). It sounds like the user within the container still wouldn't matter in this situation, but the user running the container on the host system would have to have appropriate permissions to the volume.
In rootful docker, that is the case, and the uid inside the container is identical to the uid outside the container. In rootless docker, the uid inside the container maps to a sub-uid outside the container. This way, it inherits the same permissions that your own uid has.
Honestly, I think the default behavior of rootful docker is broken by design. Being able to run rootful docker commands is equivalent to having sudo privileges, because the docker daemon has root privileges and will mount arbitrary files on your behalf.
The default behavior of rootless podman: in-container-root gets mapped to host user, anything else gets mapped to namespaced uids in a per-user specified range.
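The uid mapping described in the two replies above (identity mapping under rootful docker, container root to the host user plus a sub-uid range for everything else under rootless podman/docker) can be made concrete with a small script. This is an added example and is not code from the thread, from Docker, or from Podman: it reads mappings in the three-column format the kernel exposes in `/proc/<pid>/uid_map` (`inside_start outside_start count`) and resolves uids in both directions, so you can see which host uid a volume file would be written as, and which container uid you need in order to own a host file. The host uid 1000 and the sub-uid range starting at 100000 are constructed values standing in for a typical `/etc/subuid` entry.

```python
# Added example (not from the thread): resolve container uids to host uids
# using the /proc/<pid>/uid_map format ("inside_start outside_start count").
from typing import List, Optional, Tuple

# Kernel default for /proc/sys/kernel/overflowuid: unmapped ids appear as
# this uid ("nobody") on the other side of the namespace boundary.
OVERFLOW_UID = 65534

UidMap = List[Tuple[int, int, int]]


def parse_uid_map(text: str) -> UidMap:
    """Parse uid_map lines into (inside_start, outside_start, count) tuples."""
    entries: UidMap = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(p) for p in parts)
        entries.append((inside, outside, count))
    return entries


def container_to_host(uid: int, uid_map: UidMap) -> Optional[int]:
    """Host uid a process running as `uid` inside the container acts as.

    Returns None when the uid is not covered by any mapping entry; the kernel
    then reports OVERFLOW_UID and the process cannot own files on the host.
    """
    for inside, outside, count in uid_map:
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return None


def host_to_container(uid: int, uid_map: UidMap) -> Optional[int]:
    """Container uid that corresponds to a host uid (e.g. a volume file's owner)."""
    for inside, outside, count in uid_map:
        if outside <= uid < outside + count:
            return inside + (uid - outside)
    return None


def effective_host_uid(uid: int, uid_map: UidMap) -> int:
    """Like container_to_host, but returns the kernel's overflow uid when unmapped."""
    mapped = container_to_host(uid, uid_map)
    return OVERFLOW_UID if mapped is None else mapped


# Constructed mappings. Rootful docker runs containers in the initial user
# namespace, whose uid_map is the identity over the whole uid space.
ROOTFUL_MAP = parse_uid_map("0 0 4294967295")

# Rootless podman/docker default for a host user with uid 1000 (constructed)
# and a subuid allocation "1000:100000:65536" in /etc/subuid (constructed):
# container root -> host uid 1000, container uids 1..65536 -> 100000..165535.
ROOTLESS_MAP = parse_uid_map("0 1000 1\n1 100000 65536")


if __name__ == "__main__":
    for label, uid_map in (("rootful", ROOTFUL_MAP), ("rootless", ROOTLESS_MAP)):
        print(f"[{label}]")
        for cuid in (0, 1, 1000, 65537):
            print(f"  container uid {cuid:>6} -> host uid {effective_host_uid(cuid, uid_map)}")
        # A volume file owned by host uid 1000: which container uid owns it?
        print(f"  host uid 1000 (volume file owner) -> container uid "
              f"{host_to_container(1000, uid_map)}")
```

The output makes the thread's point visible: under the rootful map a container process with uid 1000 writes files as host uid 1000 and container root writes as host root, while under the rootless map container root writes as host uid 1000 (your own user) and container uid 1000 writes as host uid 100999, which is why a volume owned by you is writable by container root but not by an unprivileged container user unless you chown it into the sub-uid range.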