The USER instruction sets the username or UID to use when running the image. It will affect the user for any RUN, CMD, and ENTRYPOINT instructions that will come next in the Dockerfile.
The syntax of the instruction is just USER <user name or UID>; for example:
You can use the USER command if an executable can be run without privileges. The Dockerfile can contain the user and group creation instruction the same as this one:
RUN groupadd -r tomcat && useradd -r -g tomcat tomcat
Switching USER back and forth frequently will increase the number of layers in the resulting image and also will make the Dockerfile more complex.