The USER instruction in a Dockerfile will change the user running the next instructions.
When a image will be running, the last USER instruction define the user that will runs the image.
Generally, the user is always root and have all permissions. Introducing another user may occurs permissions and accessiblity error. You should run a container under another user than root when it's not possible otherwise.
Below, we are creating a new user called notroot and add it to the sudoers
ENV PLAY_USER notroot
RUN echo "==> Add user and group $PLAY_USER ..." && \
useradd --create-home --user-group $PLAY_USER && \
echo "==> Sudo conf: Nothing" && \
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
echo "Add the user to the sudoers group" && \
usermod -a -G sudo $PLAY_USER