
Subordinate GIDs/UIDs with LXC and userns for unprivileged user?

7 votes
1 answer
2975 views
When using userns (via LXC in my case), you assign a range of subordinate GIDs and UIDs to an unprivileged user. See for resources: subuid(5), subgid(5), newuidmap(1), newgidmap(1), user_namespaces(7). That range can then be used and will via userns be mapped to the system account.

Let's assume we have a (host) system account john with a UID (and GID) of 1000. The assigned range of GIDs and UIDs is 100000..165536. So an entry exists in /etc/subgid and /etc/subuid respectively:

    john:100000:65536

Files that inside the unprivileged container are owned by the "inside" john will now be owned by 101000 on the host, and those owned by the "inside" root will be owned by 100000. Normally these ranges are not assigned to any name on the host.

### Questions:

1. Is it alright to create a user for those respective UIDs/GIDs on the host in order to have a more meaningful output for ls and friends?
2. Is there a way to make those files/folders accessible to the host user who "owns" the userns, i.e. john in our case? And if so, is the only sensible method to create a group shared between those valid users inside the subordinate range and the userns "owner" and set the permissions accordingly? Well, or ACLs, obviously.
Asked by 0xC0000022L (16938 rep)
Dec 21, 2014, 11:30 PM
Last activity: Mar 24, 2016, 03:37 PM
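The ID arithmetic the question describes, as an added example in Python (not code from the original post, LXC or shadow-utils): it parses a constructed subuid-style table, maps IDs in both directions under the identity-shaped map that `newuidmap PID 0 START COUNT` (or LXC's equivalent idmap line) installs, labels a raw host UID the way `ls -ln` shows it, and checks that two users' ranges do not overlap. The sample table, the `OVERFLOW_ID` default of 65534 and the `owner:inner_id` label format are assumptions made for the example; with count 65536 the entry `john:100000:65536` covers host IDs 100000 through 165535.

```python
"""Map IDs between an unprivileged container and the host from subuid/subgid
ranges. Added example, not from the original post; sample data is constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ID shown inside a user namespace for host IDs that have no mapping; the
# kernel default for /proc/sys/kernel/overflowuid and overflowgid is 65534.
OVERFLOW_ID = 65534

# Constructed sample of /etc/subuid (same syntax as /etc/subgid).
SAMPLE_SUBUID = """\
# name:first_host_id:count
john:100000:65536
alice:165536:65536
"""


@dataclass(frozen=True)
class SubIdRange:
    owner: str   # host account the range belongs to
    start: int   # first host ID in the range
    count: int   # number of IDs in the range

    @property
    def last(self) -> int:
        return self.start + self.count - 1


def parse_subid(text: str) -> List[SubIdRange]:
    """Parse subuid(5)/subgid(5) lines of the form name:start:count."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        owner, start, count = line.split(":")
        ranges.append(SubIdRange(owner, int(start), int(count)))
    return ranges


def range_for(ranges: List[SubIdRange], owner: str) -> SubIdRange:
    """The first range registered to `owner` (one entry per user is typical)."""
    for r in ranges:
        if r.owner == owner:
            return r
    raise KeyError(f"no subordinate range for {owner}")


def to_host(r: SubIdRange, inner_id: int) -> Optional[int]:
    """Container ID -> host ID under the map 0..count-1 -> start..start+count-1
    (what `newuidmap PID 0 START COUNT` installs). Returns None for an inner
    ID that the container has no mapping for at all."""
    if 0 <= inner_id < r.count:
        return r.start + inner_id
    return None


def to_container(r: SubIdRange, host_id: int) -> int:
    """Host ID -> what the container sees. Host IDs outside the range (for
    instance john's own 1000) are unmapped and appear as the overflow ID."""
    if r.start <= host_id <= r.last:
        return host_id - r.start
    return OVERFLOW_ID


def label_host_id(ranges: List[SubIdRange], host_id: int) -> Optional[str]:
    """Readable owner for a raw host UID such as the 101000 that `ls -ln`
    prints: 'john:1000' meaning 'UID 1000 inside john's user namespace'.
    The label format is this example's own convention."""
    for r in ranges:
        if r.start <= host_id <= r.last:
            return f"{r.owner}:{host_id - r.start}"
    return None


def overlapping(ranges: List[SubIdRange]) -> List[Tuple[str, str]]:
    """Pairs of owners whose ranges overlap. Two users sharing host IDs means
    one container's root can own the other's files, so this must be empty."""
    clashes = []
    for i, a in enumerate(ranges):
        for b in ranges[i + 1:]:
            if a.start <= b.last and b.start <= a.last:
                clashes.append((a.owner, b.owner))
    return clashes


if __name__ == "__main__":
    table = parse_subid(SAMPLE_SUBUID)
    john = range_for(table, "john")
    print(f"john's range: {john.start}..{john.last}")           # 100000..165535
    print("inside root -> host", to_host(john, 0))              # 100000
    print("inside 1000 -> host", to_host(john, 1000))           # 101000
    print("host 101000 -> inside", to_container(john, 101000))  # 1000
    print("host 1000   -> inside", to_container(john, 1000))    # 65534
    print("label 101000 ->", label_host_id(table, 101000))      # john:1000
    print("overlaps:", overlapping(table))                      # []
```

The `to_container` result for host UID 1000 is the practical point behind the second question: the host account that owns the namespace is itself unmapped inside it, so ownership alone never lines the two up, and a shared group or an ACL on the host side is what bridges them.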