That’s true, but many people don’t read/follow the docs; for this reason we always ask!
I was curious if the cap_add/cap_drop order might be a problem, but it seems to be OK according to "Docker-Compose: order of cap_drop and cap_add?" (#3 by thediveo, Compose, Docker Community Forums). This is the most noticeable difference from default - check if it works without this directive in the future.
I would expect root can rsync files of another user, but not the other way round. As you can see in my guide "Nextcloud docker-compose setup with notify_push (2024)", apps, config and data are owned by the limited container user (which IMHO translates to www-data by default).
You are right, it is possible (see the guide above) or container docs > additional volumes.