As usual, running a piece of code as root unless absolutely necessary is just good security practice. Can we have a script that creates a new user and sets up that user to be a part of the docker group instead of root?

I tried running as a user with access to docker, and the main issue I ran into is most docker containers run as root, which will make it hard to clean up the job directory after the run finishes. Even if the containers aren't running as root, it is unlikely that the docker container user and whatever service user is created will have the same UID, making cleanup annoying.