I would recommend not running as root even in a container. The containers still use the same kernel as the host so it is possible to break out of the container through a kernel or driver vulnerability which is a little easier as root. Also, if it is run as recommended with the --net=host option then the attacker could open arbitrary ports to listen on as a back door. As root, the attacker can open low numbered ports that are often not blocked by default firewall settings because one mast be root to open them.
While it is better to run as root in the container than on the host, it is still not something I would recommend.
Indeed, I wasnât even thinking about the ability to install bindings and create Things and Items through the API.
OP explicitly stated there was no dirty shutdowns around the time the problems started.
What Markus said. NFS mount the drive (CIFS doesnât handle file ownership right which will cause problems} and either configure persistence and logging to write to that shared location, or user a soft link to make the folders that will to that shared folder, or mount the shared folder to the places that have the heavy writes.