> Make sure you're running a rootless VM engine (e.g. podman instead of docker)!
Aren't most people running docker rootless (at least on Linux)? Does podman do more?
I'd guess that most people who run Docker on Linux install it through their distro's package manager, which has a dockerd running as root.
On Debian derivatives, you need some kind of extra privs to even talk to it (being a member of the "docker" group, iirc).
The docker CLI tool is normally executed with user privileges, but there's dockerd, a daemon running as root that actually does the container execution.
The docker service that sets up containers runs as root. podman does away with that service.
> Aren't most people running docker rootless (at least on Linux)? Does podman do more?
In the HPC space Apptainer (previously "Singularity") was created precisely due to (multi-)user-level access, especially with the use of NFS.