Before I answer, let me start with this:
Rootful Docker means the daemon is running as root and either the docker users are in the “docker” group or they have “sudo” privilege.
Rootless Docker means the Docker daemon is running as a non-root user, so you could all have access to the same “docker-manager” user if you want to use the same Docker.
There is no such thing as
It wouldn’t make sense. The user called “nobody” and the group called “nogroup” can be seen sometimes when a container of a rootless Docker or a container using user namespace mounts a folder which is not owned by the user, but the purpose is to deny access and not grant it to everyone.
You can set groups the same way as the users in the “docker” group can access the docker socket of the rootful Docker.
I also don’t think that not using the same user would make sense, since if you manage to grant access to the docker context of a rootless Docker, that command allows the user to mount everything in the user’s home.
Even if you use the same user, sometimes you want to access files in the Docker root for debugging reasons or just delete the folder. Then you can run the
rootlesskit bash
command to run a bash in the user namespace of the rootless Docker and work as root in that context.
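
An added example, not part of the post above: a small check that reads a Docker API socket's owner, group and mode and reports who can reach it, which is the access model the post describes for the “docker” group and for a shared rootless user. The function names are hypothetical, and treating a uid 0 owner as "rootful" is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: report who can reach a Docker API socket, judging only by
# the socket's owner, group and mode.
# Assumption: a socket owned by uid 0 belongs to a rootful daemon; any other
# owner is treated as the daemon user of a rootless Docker.

# classify_socket UID GROUP MODE   (MODE in octal, as printed by stat, e.g. 660)
classify_socket() {
    cs_uid=$1; cs_group=$2
    cs_perms=$((0$3))            # leading 0 makes the shell read MODE as octal
    if [ "$cs_uid" -eq 0 ]; then
        cs_kind="rootful"
    else
        cs_kind="rootless (daemon uid $cs_uid)"
    fi
    cs_access="owner only"
    # Group read+write bits: every member of the group can drive the daemon.
    if [ $((cs_perms & 0060)) -eq $((0060)) ]; then
        cs_access="owner and group '$cs_group'"
    fi
    # World read+write bits: any local account can drive the daemon.
    if [ $((cs_perms & 0006)) -eq $((0006)) ]; then
        cs_access="every local user"
    fi
    printf '%s: %s\n' "$cs_kind" "$cs_access"
}

# audit_socket PATH   (uses GNU stat to read the three fields)
audit_socket() {
    if [ ! -S "$1" ]; then
        echo "not a socket: $1" >&2
        return 1
    fi
    as_fields=$(stat -c '%u %G %a' "$1") || return 1
    # Word splitting is intended: three space-separated fields.
    classify_socket $as_fields
}
```

Run `audit_socket /var/run/docker.sock` for a rootful daemon, or `audit_socket "$XDG_RUNTIME_DIR/docker.sock"` as the rootless daemon's user; those are the usual default socket paths and may differ on your host.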