Docker best practice:
Always run a container with a non-root user. Running as root inside the container is running as root in the Docker host. If an attacker gains access to your container, they have access to all the root privileges and can perform several attacks against the Docker host.
RUN addgroup --system app && adduser --system --group app USER app