diff --git a/Dockerfile b/Dockerfile
index a68aef3f..c32ca0c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,12 +24,21 @@ ENV DEBUG="False" \
     ENABLE_CAPTCHA="False" \
     LEGAL_LINK="False"
 
-RUN mkdir -p /etc/ihatemoney &&\
-    pip install --no-cache-dir gunicorn pymysql;
-
 ADD . /src
 
-RUN pip install --no-cache-dir -e /src
+RUN echo "**** install runtime packages ****" && \
+    apk add --no-cache \
+    shadow && \
+    echo "**** create runtime folder ****" && \
+    mkdir -p /etc/ihatemoney &&\
+    echo "**** install pip packages ****" && \
+    pip install --no-cache-dir gunicorn pymysql && \
+    pip install --no-cache-dir -e /src && \
+    echo "**** create user abc:abc ****" && \
+    useradd -u 1000 -U -d /src abc && \
+    echo "**** cleanup ****" && \
+    rm -rf \
+    /tmp/*
 
 VOLUME /database
 EXPOSE ${PORT}
diff --git a/conf/entrypoint.sh b/conf/entrypoint.sh
index c6a90985..4d48f86c 100755
--- a/conf/entrypoint.sh
+++ b/conf/entrypoint.sh
@@ -26,8 +26,24 @@ ENABLE_CAPTCHA = $ENABLE_CAPTCHA
 LEGAL_LINK = "$LEGAL_LINK"
 EOF
 
+PUID=${PUID:-0}
+PGID=${PGID:-0}
+
+echo "
+User uid: $PUID
+User gid: $PGID
+"
+
 # Start gunicorn without forking
-exec gunicorn ihatemoney.wsgi:application \
-     -b 0.0.0.0:"$PORT" \
+cmd="exec gunicorn ihatemoney.wsgi:application \
+     -b 0.0.0.0:$PORT \
      --log-syslog \
-     "$@"
+     $@"
+
+if [ "$PGID" -ne 0 -a "$PUID" -ne 0 ]; then
+     groupmod -o -g "$PGID" abc
+     usermod -o -u "$PUID" abc
+     cmd="su - abc -c '$cmd'"
+fi
+
+eval "$cmd"
diff --git a/docker-compose.yml b/docker-compose.yml
index 3554c81c..6a16472b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,5 +27,7 @@ services:
       - ENABLE_CAPTCHA=False
       - LEGAL_LINK=
       - PORT=8000
+      - PUID=0
+      - PGID=0
     ports:
       - "8000:8000"