From 3d66bc35763892c24d525bc93c7961ef55951696 Mon Sep 17 00:00:00 2001
From: Miranda Streeter <miranda@mirandastreeter.com>
Date: Mon, 22 Jun 2026 15:40:03 -0700
Subject: [PATCH 1/2] chown the config parent dirs

Signed-off-by: Miranda Streeter <miranda@mirandastreeter.com>
---
 openvoxserver/prep_release_container.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openvoxserver/prep_release_container.sh b/openvoxserver/prep_release_container.sh
index f51854c..0d5c7d7 100755
--- a/openvoxserver/prep_release_container.sh
+++ b/openvoxserver/prep_release_container.sh
@@ -82,8 +82,8 @@ else
 fi
 
 chown -R puppet:puppet /etc/puppetlabs/code
-chown -R puppet:puppet /etc/puppetlabs/puppet/ssl
-chown -R puppet:puppet /etc/puppetlabs/puppetserver/ca
+chown -R puppet:puppet /etc/puppetlabs/puppet
+chown -R puppet:puppet /etc/puppetlabs/puppetserver
 chown -R puppet:puppet /opt/puppetlabs/server/data/puppetserver
 chown -R puppet:puppet /var/log/puppetlabs/puppetserver
 chown -R puppet:puppet /var/run/puppetlabs/puppetserver

From 73df5ffec84ebd45d1cff3cad11749f7a7bf4ce8 Mon Sep 17 00:00:00 2001
From: Miranda Streeter <miranda@mirandastreeter.com>
Date: Mon, 22 Jun 2026 15:49:50 -0700
Subject: [PATCH 2/2] Update README to reflect rootless status.

Signed-off-by: Miranda Streeter <miranda@mirandastreeter.com>
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 57ed770..ff71fb6 100644
--- a/README.md
+++ b/README.md
@@ -178,7 +178,7 @@ services:
 
 #### Rootless Podman
 
-When using rootless Podman, the OpenVox Server process starts as a virtual `root` and then drops privileges to the `puppet` user.
+When using rootless Podman, the OpenVox Server process runs directly as the non-root `puppet` user (UID 1001) with the root group (GID 0).
 This can lead to permission issues with bind mount volumes, which you may want to use for the OpenVox SSL and CA directories. For example:
 
 ```shell