General security practices say you run with the least privileges required,

network daemons are particularly at risk when running as root as a bug in
the daemon will give a remote attacker root access in the container,
it's easier then to break out with root access on the host.
Docker says in https://docs.docker.com/engine/security/security/#conclusions

"Docker containers are, by default, quite secure;
especially if you run your processes as non-privileged users inside the container."

add user osrm and package su-exec and change example to use it

README.md

@@ -67,7 +67,7 @@ The flag `-v $(pwd):/data` creates the directory `/data` inside the docker conta
 
 Note that `berlin-latest.osrm` has a different file extension. 
 
-    docker run -t -i -p 5000:5000 -v $(pwd):/data osrm/osrm-backend osrm-routed --algorithm mld /data/berlin-latest.osrm
+    docker run -t -i -p 5000:5000 -v $(pwd):/data osrm/osrm-backend su-exec osrm osrm-routed --algorithm mld /data/berlin-latest.osrm
 
 Make requests against the HTTP server
 

docker/Dockerfile

@@ -37,7 +37,8 @@ FROM alpine:3.6 as runstage
 RUN mkdir -p /src  && mkdir -p /opt
 RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
     apk update && \
-    apk add boost-filesystem boost-program_options boost-regex boost-iostreams boost-thread libgomp lua5.2 expat libtbb@testing
+    apk add boost-filesystem boost-program_options boost-regex boost-iostreams boost-thread libgomp lua5.2 expat libtbb@testing su-exec
+RUN adduser -D osrm
 COPY --from=buildstage /usr/local /usr/local
 COPY --from=buildstage /opt /opt
 WORKDIR /opt