Expanding on @upteryx idea.
This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline:
RUN \ groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo && \ sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g'&& \ sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g'&& \ sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g'&& \ echo "foo ALL=(ALL) NOPASSWD: ALL">> /etc/sudoers && \ echo "Customized the sudoers file for passwordless access to the foo user!"&& \ echo "foo user:"; su - foo -c id