[brigandish]

Why not use gosu or su-exec to run the entrypoint command? That's straightforward.

[otterley]

Better to never have root privileges anywhere in the container. Entry points can be overridden and never running as root at all greatly reduces the attack surface.