Difference between docker run --user and --group-add parameters

docker run --user=demo_user <image_name> <command> runs a container with the given command as demo_user

docker run --user=demo_user:group1 <image_name> <command> runs a container with the given command as demo_user whose primary group is set to group1

docker run --user=demo_user:group1 --group-add group2 <image_name> <command> runs a container with the given command as demo_user, with group1 as the user's primary group and group2 as a secondary group

NOTE: The users and groups used for these options MUST have been created in the image from which the container is created.

If the --group-add option alone is specified without --user and the image does NOT have any user declared (the user has been created, but not declared via a USER instruction in the Dockerfile from which the image was built), the group modifications apply to the root user in the container.

If the --group-add option alone is specified without --user and the image does have a user declared (via a USER instruction in the Dockerfile from which the image was built), the group modifications apply to the declared user in the container.
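To confirm which identity a container actually gets for each combination above, the following script (an added example, not part of the original page) builds two test images and compares the output of id with the behaviour described here. The names check_id, expect_id, demo and the idtest:* tags are hypothetical, and the alpine base image is an assumption; run it with --run on a host that has Docker.

```shell
#!/bin/sh
# Added example. Hypothetical names: check_id, expect_id, demo, idtest:* tags.

# check_id "<id output>" <user> <primary group> [supplementary group ...]
# Succeeds only if the `id` output names that user and primary group and
# every listed supplementary group appears in its groups= field.
check_id() {
    out=$1; want_user=$2; want_group=$3
    shift 3
    user=$(printf '%s\n' "$out" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p')
    group=$(printf '%s\n' "$out" | sed -n 's/.* gid=[0-9]*(\([^)]*\)).*/\1/p')
    supp=$(printf '%s\n' "$out" | sed -n 's/.* groups=\(.*\)$/\1/p')
    [ "$user" = "$want_user" ] || return 1
    [ "$group" = "$want_group" ] || return 1
    for g in "$@"; do
        case ",$supp," in
            *"($g),"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# expect_id <user> <group> "<supp groups>" <docker run args...>
expect_id() {
    eu=$1; eg=$2; es=$3
    shift 3
    res=$(docker run --rm "$@" id)
    # $es is intentionally unquoted so it splits into group names
    if check_id "$res" "$eu" "$eg" $es; then st=ok; else st=MISMATCH; fi
    echo "$st: docker run $* -> $res"
}

demo() {
    # Assumed base image: alpine (busybox adduser also creates group demo_user)
    printf 'FROM alpine\nRUN addgroup group1 && addgroup group2 && adduser -D demo_user\n' |
        docker build -q -t idtest:nouser - >/dev/null
    printf 'FROM idtest:nouser\nUSER demo_user\n' |
        docker build -q -t idtest:user - >/dev/null
    expect_id demo_user demo_user ""       --user=demo_user idtest:nouser
    expect_id demo_user group1    ""       --user=demo_user:group1 idtest:nouser
    expect_id demo_user group1    "group2" --user=demo_user:group1 --group-add group2 idtest:nouser
    expect_id root      root      "group2" --group-add group2 idtest:nouser   # no USER in image
    expect_id demo_user demo_user "group2" --group-add group2 idtest:user     # USER demo_user
}

if [ "${1:-}" = "--run" ]; then demo; fi
```

A MISMATCH line means the container ran with a different user, primary group or supplementary group than expected, which is worth catching before the image is deployed with bind mounts or group-owned sockets.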
