https://docs.docker.com/engine/security/rootless/

https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
    RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres

samples
https://github.com/argoproj-labs/argocd-operator/blob/master/build/bin/user_setup
    #!/bin/sh
    set -x
    # ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
    echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd
    mkdir -p "${HOME}"
    chown "${USER_UID}:0" "${HOME}"
    chmod ug+rwx "${HOME}"
    # no need for this script to remain in the image after running
    rm "$0"

2024
https://habr.com/ru/articles/799625/
    ! net stack
2022
https://itsecforu.ru/2022/03/22/%f0%9f%90%b3-%d1%87%d1%82%d0%be-%d1%82%d0%b0%d0%ba%d0%be%d0%b5-docker-%d0%b1%d0%b5%d0%b7-root-rootless/
https://itsecforu.ru/2022/08/18/%f0%9f%90%b3-%d0%bf%d0%be%d1%87%d0%b5%d0%bc%d1%83-%d0%bf%d1%80%d0%be%d1%86%d0%b5%d1%81%d1%81%d1%8b-%d0%b2-%d0%ba%d0%be%d0%bd%d1%82%d0%b5%d0%b9%d0%bd%d0%b5%d1%80%d0%b0%d1%85-docker-%d0%bd%d0%b5-%d0%b4/
    docker run -d --user demo-user:demo-group demo-image:latest
    /etc/docker/daemon.json:
    {
        "userns-remap": "demo-user"
    }