How can I mount a host directory into a container while retaining access to it?

I tried

sudo incus config device add <container> <name> disk source=<host directory> path=<mnt>

on an Ubuntu container. But /mnt is now owned by nobody and nogroup, and has permissions drwx------. This means I can’t read or write to the mounted directory at all.

Note that the mounted directory is itself a mountpoint on the host device.

shift=true

I see. I have, in the meantime, solved the problem by explicitly adding a UID map for this user. I assume this is generally not the preferred solution?

No, the recommended solution is shift=true as that allows the container to still fully operate without any shared uig/gid with the host.