diff --git a/automation/script/docker.py b/automation/script/docker.py
index c2f65ee5c..035b34440 100644
--- a/automation/script/docker.py
+++ b/automation/script/docker.py
@@ -377,6 +377,9 @@ def docker_run(self_module, i):
 env.update({docker_input_mapping[key]: i[key] for key in docker_input_mapping if key in i})
+ if docker_inputs.get('user'):
+ docker_settings['user'] = docker_inputs['user']
+
 # Handle environment variable-based mounts
 res = process_mounts( mounts,
@@ -412,6 +415,7 @@ def docker_run(self_module, i):
 'quiet': True, 'real_run': True, 'add_deps_recursive': {'build-docker-image': {'dockerfile': dockerfile_path}}, **docker_inputs }
+
 r = self_module.action_object.access(mlc_docker_input)
 if r['return'] > 0:
 return r
diff --git a/automation/script/docker_utils.py b/automation/script/docker_utils.py
index a94e1a010..e2e1b6fee 100644
--- a/automation/script/docker_utils.py
+++ b/automation/script/docker_utils.py
@@ -452,7 +452,10 @@ def get_container_path(value, username="mlcuser", extract_parent_folder=False):
 new_value = ''
 if "cache" in path_split and "local" in path_split:
- new_path_split = ["", "home", username, "MLC", "repos"]
+ if username == "root":
+ new_path_split = ["", "root", "MLC", "repos"]
+ else:
+ new_path_split = ["", "home", username, "MLC", "repos"]
 repo_entry_index = path_split.index("local")
 if len(path_split) >= repo_entry_index + 3:
 new_path_split1 = new_path_split + \
diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py
index 56bbf26b9..439fd4eb2 100644
--- a/script/build-dockerfile/customize.py
+++ b/script/build-dockerfile/customize.py
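Review bot: The new `docker_settings['user'] = docker_inputs['user']` in `docker_run` (automation/script/docker.py) copies a caller-supplied value with no check, and in this same commit that name becomes a path component in `get_container_path` and appears in `RUN`/`USER` lines and a sudoers file name in script/build-dockerfile/customize.py (assuming `docker_user` there is derived from this setting, which the diff does not show). Validating it once here keeps path separators, whitespace and shell metacharacters out of all three places, for example `if not re.fullmatch(r'[a-z_][a-z0-9_-]*', docker_inputs['user']):` followed by returning a non-zero `'return'` result, provided `re` is imported in this file, which is outside the hunk. A one-line comment saying that the input overrides the user from the script's docker settings would also help, since the precedence is not obvious from the code. `docker_run` starts and ends outside the hunk.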
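Review bot: The root special case in `get_container_path` (automation/script/docker_utils.py) hard-codes the home directory in this one branch, while the Dockerfile generator touched by the same commit still writes `ENV HOME=/home/{docker_user}` (context line in script/build-dockerfile/customize.py); if that block can run with `root`, the container HOME and the translated repo path will disagree. Deriving the home prefix once would keep them aligned, e.g. `home_parts = ["", "root"] if username == "root" else ["", "home", username]` followed by `new_path_split = home_parts + ["MLC", "repos"]`. Other branches of the function are outside the hunk and may need the same treatment.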
@@ -271,11 +271,17 @@ def preprocess(i):
 user_shell = json.loads(shell)
 f.write(f"""RUN (id -u {docker_user} > /dev/null 2>&1 && usermod -u $UID {docker_user}) || useradd """ + DOCKER_USER_ID + DOCKER_GROUP + ' --create-home --shell ' + user_shell[0] + ' ' + docker_user + EOL)
+ f.write(f'RUN usermod -aG sudo {docker_user}' + EOL)
+
 f.write(
- 'RUN echo "' +
- docker_user +
- ' ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers' +
- EOL)
+ # create the file with both lines and a trailing newline
+ f"RUN printf '{docker_user} ALL=(ALL) NOPASSWD:ALL\\n"
+ f"Defaults:{docker_user} !requiretty\\n' "
+ f"> /etc/sudoers.d/{docker_user} \\\n"
+ # lock down permissions
+ f" && chmod 0440 /etc/sudoers.d/{docker_user}{EOL}"
+ )
+
 f.write('USER ' + docker_user + ":" + docker_group + EOL)
 f.write(f"""ENV HOME=/home/{docker_user}""" + EOL)
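Review bot: The drop-in name `/etc/sudoers.d/{docker_user}` in the new `f.write(` block is taken straight from the user name, and sudo skips files in an include directory whose names contain a `.` or end in `~`, so a `docker_user` such as `first.last` would get a file that is never read and the NOPASSWD rule would silently not apply. A fixed name avoids that, e.g. `f"> /etc/sudoers.d/mlc-docker-user \\\n"` (name constructed for illustration) with the matching path in the `chmod` line. Appending `&& visudo -cf` on that file to the same RUN step would fail the build on a malformed entry instead of shipping it. The added `usermod -aG sudo` line assumes the base image has a `sudo` group and looks redundant next to the explicit rule, which is worth confirming for non-Debian bases. `preprocess` starts and ends outside the hunk, so any guard on `docker_user` is not visible here.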