You can just run Docker containers as `-u $UID:$GID`, presuming the docker container isn't set up in such a way that it's hostile to its contents being executed by a non-root user. Usually this just means ensuring that you don't have read/execute permissions locked down to just root and that any in-container directories which need writes have the global write bit set. Once you do that, you can run your containers as whatever user/group you'd like, and things generally just work, and you don't have to worry about building custom images.
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04.1 LTS"
$ mkdir tmp
$ docker run --rm -v $(pwd)/tmp:/tmp alpine:latest sh -c 'echo "ok" > /tmp/test.txt'
$ ll tmp
.rw-r--r-- root root 3 B Sat Nov 16 14:53:51 2024 test.txt
$ docker run -u $UID:$GID --rm -v $(pwd)/tmp:/tmp alpine:latest sh -c 'echo "ok" > /tmp/test2.txt'
$ ll tmp
.rw-r--r-- root root 3 B Sat Nov 16 14:53:51 2024 test.txt
.rw-r--r-- chris chris 3 B Sat Nov 16 14:54:16 2024 test2.txt
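A host-side pre-flight check for that permission advice, as an added example rather than anything from the comment above or from Docker itself. It assumes a Linux stat(1) that accepts `-L -c '%u %g %a'` (GNU coreutils or busybox); the paths and the ids 60001:60002 used in demo() are constructed for the demonstration. It applies the same owner/group/other rule the kernel applies to a process with one uid and one primary gid, and it also catches two things the "global write bit" advice glosses over: a directory needs the execute bit as well as the write bit before files can be created in it, and every ancestor directory must be searchable by that uid.

```shell
#!/bin/sh
# Pre-flight check for running an image as -u UID:GID (added example).
# It mirrors the kernel's discretionary access check for a process that has
# one uid and one primary gid, which is what -u UID:GID gives you when the
# uid does not exist in the image's /etc/passwd and no --group-add is used:
# owner bits if the uid owns the path, group bits if the gid matches,
# otherwise the "other" bits. uid 0 is always allowed (CAP_DAC_OVERRIDE),
# which is why the default root run never hits the problem.
# Assumes a Linux stat(1) that accepts -L -c '%u %g %a' (GNU or busybox).

# perm_class PATH UID GID -> prints the octal permission digit (0-7) that
# applies to a process with that uid and primary gid.
perm_class() {
  set -- "$1" "$2" "$3" $(stat -L -c '%u %g %a' "$1")  # path uid gid owner group mode
  low=${6#"${6%???}"}                                  # last three digits: u g o
  u=${low%??}; go=${low#?}; g=${go%?}; o=${go#?}
  if [ "$4" -eq "$2" ]; then echo "$u"
  elif [ "$5" -eq "$3" ]; then echo "$g"
  else echo "$o"
  fi
}

# can_write PATH UID GID -> 0 if the process could open PATH for writing
# (file) or create entries in it (directory), 1 otherwise. A directory needs
# w and x, not just the write bit, and every ancestor directory must grant
# search (x): a 0777 volume under a 0700 parent is still unusable.
can_write() {
  path=$1; uid=$2; gid=$3
  [ -e "$path" ] || return 1
  [ "$uid" -eq 0 ] && return 0
  if [ -d "$path" ]; then need=3; else need=2; fi
  [ $(( $(perm_class "$path" "$uid" "$gid") & need )) -eq "$need" ] || return 1
  p=$(dirname "$path")
  while [ "$p" != / ] && [ "$p" != . ]; do
    [ $(( $(perm_class "$p" "$uid" "$gid") & 1 )) -eq 1 ] || return 1
    p=$(dirname "$p")
  done
  return 0
}

# check_dirs UID GID DIR... -> reports every DIR the process could not write
# to; returns 0 only when all of them are usable.
check_dirs() {
  uid=$1; gid=$2; shift 2
  rc=0
  for d in "$@"; do
    if ! can_write "$d" "$uid" "$gid"; then
      echo "not writable by $uid:$gid: $d" >&2
      rc=1
    fi
  done
  return $rc
}

# demo: a constructed tree shaped like a typical image (code 0755, a data
# directory opened up with 0777, a log directory left at 0755), checked for
# 60001:60002, an id chosen because it exists nowhere on the host. Expect
# var/log to be reported and the exit status to be 1.
demo() {
  root=$(mktemp -d)
  mkdir -p "$root/app" "$root/data" "$root/var/log"
  chmod 755 "$root" "$root/app" "$root/var" "$root/var/log"
  chmod 777 "$root/data"
  check_dirs 60001 60002 "$root/data" "$root/var/log" && rc=0 || rc=1
  rm -rf "$root"
  return $rc
}

demo; echo "demo exit status: $?"   # constructed tree: var/log reported, status 1
```

Run check_dirs against the host side of each bind mount (and, with `docker run --rm --entrypoint sh IMAGE -c ...`, against the directories inside the image the process writes to) before committing to a uid. `$(id -u):$(id -g)` is the portable way to spell the pair, since bash sets `$UID` but not `$GID`.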
My question is, why would you want your containers writing to the box where they run? They should be context independent.