Hello,

In my bootc image I download packages using dnf. Some of these packages create users and groups and set file permissions on install, using pre-install scripts.

When inspecting my OCI image after being built (using podman exec /bin/bash), I can see that the correct permissions are set for configuration files and the likes. However, when generating a VM image (qcow2) and booting the operating system, it resets the permissions for the configuration files to root:root (in /etc, not sure about other paths).

After reading the documentation on managing users and groups, I've created sysusers.d entry files for each user and group, and assigned them to various groups. I've also decided to activate transient /etc mode, as recommended.

My questions are:

1. Is it normal for file ownership to be reset upon VM disk generation?
2. Is it good practice to launch a systemd service during boot that changes file permissions? (Requires transient /etc to avoid drift)
3. Between sysusers.d and json records, which should be prioritized for custom users? Json records seem to be more bootc friendly, however sysusers.d files seem more robust.
4. In general, how should I really manage users installed along packages?

Thanks for any tips in advance.