Confusion about the user a process runs as

Users have numeric IDs. The numeric ID 0 is special and can do things like ignore filesystem permissions. Otherwise, the numbers are just numbers; traditionally anything between 0 and 32767 is allowed, and the important questions are “is one of the uids zero” and “are these two uids equal”.

There is (usually) a file /etc/passwd that provides a mapping between numeric user IDs and user names. But, the host and each Docker container have separate isolated filesystems, so a given user name in one context is completely meaningless in another.

In traditionalist Unix speak, only user ID 0 (root) is “privileged”. I think this only has implications to the extent that you’ve allowed processes in the container to see the filesystem and other things on the host: processes in the container can’t see random host processes and so can’t kill(2) them, regardless of uids; processes in the container can only see parts of the host filesystem via docker run -v options; and so on.

(I think it is fairly common, among standard images that have gone to the trouble of not running as root, to run as uid 1000, because that’s the default behavior you’ll get from an adduser command. Also there’s a high probability your host unprivileged uid is 1000, for the same reason.)

Nope, you’ve got it. If you want to be unambiguous, give a numeric uid to -u.
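The per-filesystem name mapping described above, as an added example that is not part of the original post: it resolves the same uids and names against two passwd files and lists names whose uids disagree. The two passwd files are constructed sample data standing in for the host's and a container's /etc/passwd, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data: stand-ins for the host's /etc/passwd and the
# /etc/passwd inside a container image. Users and uids are made up.
workdir=$(mktemp -d)
cat > "$workdir/host.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
postgres:x:113:120::/var/lib/postgresql:/bin/bash
EOF
cat > "$workdir/container.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
node:x:1000:1000::/home/node:/bin/sh
postgres:x:999:999::/var/lib/postgresql:/bin/sh
EOF

# name_for_uid FILE UID: print the name FILE maps UID to, or "(no entry)".
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; found = 1; exit }
        END { if (!found) print "(no entry)" }' "$1"
}

# uid_for_name FILE NAME: print the numeric uid for NAME (empty if absent).
uid_for_name() {
    awk -F: -v name="$2" '$1 == name { print $3; exit }' "$1"
}

# name_mismatches HOST CONTAINER: names present in both files whose numeric
# uids differ, printed as "name host_uid container_uid". A file owned by
# such a name on one side belongs to a different uid on the other.
name_mismatches() {
    awk -F: 'NR == FNR { host[$1] = $3; next }
        ($1 in host) && host[$1] != $3 { print $1, host[$1], $3 }' "$1" "$2"
}

# Same uid, different names depending on which passwd file is consulted.
for side in host container; do
    printf '%-9s uid 1000 -> %s\n' "$side" \
        "$(name_for_uid "$workdir/$side.passwd" 1000)"
done

# Same name, different uids: only the number matters for ownership checks.
echo "names whose uids differ (name host_uid container_uid):"
name_mismatches "$workdir/host.passwd" "$workdir/container.passwd"
```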