Thanks for this article. It was very helpful. In the ‘What this means’ section, item 2) you wrote:
The better solution is to start containers with a known uid using the
--user(you can use a username also, but remember that it’s just a friendlier way of providing a uid from the host’s username system)
An interesting case is when the username exists both on the host and in the image. (The docker-hub rabbitmq image which creates that username, for example.) Then, with ‘docker run …—user rabbitmq …’ gets resolved to the container’s uid for that username, not the host’s. Of course, ‘ — user <host uid>’ works as expected.
Reference https://docs.docker.com/engine/reference/run/#user hints at this:
root (id = 0) is the default user within a container. The image developer can create additional users. Those users are accessible by name.
Thanks again for your post.