re: How to securely build Docker images for Node.js

re: the USER instruction though is only switching the user ownership to a specific user, it isn't actually creating a new one. Correct?

No. It creates a user. The only reason to do it the way you did it is if you need to map a user/group from the host to one inside the container.

Would you like to reference an example Dockerfile for that?
AFAIK a directive such as USER lirantal does not create a user if one doesn't exist already.

The USER directive does not create a user. The username specified must already exist or can be created earlier in the Dockerfile directives.

If a service can run without privileges, use USER to change to a non-root user. Start by creating the user and group in the Dockerfile with something like:

RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres
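Added example, not part of the thread or of any poster's code: a small Python check that flags USER directives naming an account that no earlier useradd/adduser in the same build stage created. The function names, the sample Dockerfile and the base_image_users parameter (accounts you know the base image already ships) are assumptions made for illustration.

```python
import re

# Constructed sample: stage "bad" names an account nobody created; "good" creates it first.
SAMPLE = """\
FROM debian:bookworm-slim AS bad
USER lirantal

FROM debian:bookworm-slim AS good
RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres
USER postgres
"""

CREATE_RE = re.compile(r"\b(?:useradd|adduser)\b([^&;|]*)")

def logical_lines(text):
    """Return [(first_line_no, instruction)] with backslash continuations folded in."""
    lines = text.splitlines()
    for i in range(len(lines) - 1, 0, -1):  # fold each continuation into the line above
        if lines[i - 1].rstrip().endswith("\\"):
            lines[i - 1] = lines[i - 1].rstrip()[:-1] + " " + lines[i]
            lines[i] = ""
    return [(n, l.strip()) for n, l in enumerate(lines, 1)
            if l.strip() and not l.lstrip().startswith("#")]

def created_users(run_args):
    """Heuristic: the login name is the last non-option word of useradd/adduser."""
    names = set()
    for m in CREATE_RE.finditer(run_args):
        words = [w for w in m.group(1).split() if not w.startswith("-")]
        if words:
            names.add(words[-1])
    return names

def check_user_directives(text, base_image_users=("root",)):
    """Return [(line_no, user)] for USER names not created earlier in the stage."""
    findings, known = [], set(base_image_users)
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        instr, args = parts[0].upper(), parts[1] if len(parts) > 1 else ""
        if instr == "FROM":
            known = set(base_image_users)  # a new stage starts from its base image
        elif instr == "RUN":
            known |= created_users(args)
        elif instr == "USER":
            user = args.split(":")[0].strip()
            if user and not user.isdigit() and user not in known:
                findings.append((no, user))
    return findings
```

Numeric IDs such as USER 1000 are not flagged, since they do not need a passwd entry; accounts that ship with the base image must be passed in through base_image_users.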
