I wonder what is the current best practice if it comes to file privileges.

For example. container nginx:alpine runs as nginx user which is not available on the host.

Is it acceptable for container to store files where others group has read access or durring the build process should I change their owner?

Any other suggestions are also most welcome