diff --git a/Dockerfile b/Dockerfile
index 6bb132b2..2f0fc364 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,5 +28,8 @@ VOLUME /pcw/db
 
 EXPOSE 8000/tcp
 
+RUN useradd --no-create-home --uid 1777 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
+USER pcw
+
 # Once we are certain that this runs nicely, replace this with ENTRYPOINT.
 CMD ["/pcw/container-startup", "run"]
diff --git a/Dockerfile_dev b/Dockerfile_dev
index f6018e80..900f848d 100644
--- a/Dockerfile_dev
+++ b/Dockerfile_dev
@@ -14,4 +14,7 @@ RUN zypper -n in python310-devel gcc libffi-devel aws-cli && pip install --no-ca
 
 WORKDIR /pcw
 
+RUN useradd --no-create-home --uid 1000 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
+USER pcw
+
 ENTRYPOINT ["sh", "-c"]
diff --git a/Dockerfile_k8s b/Dockerfile_k8s
index 54f89109..a32d416d 100644
--- a/Dockerfile_k8s
+++ b/Dockerfile_k8s
@@ -17,4 +17,8 @@ COPY cleanup_k8s.py LICENSE README.md setup.cfg /pcw/
 ENV PATH ${PATH}:/opt/google-cloud-sdk/bin/
 
 WORKDIR /pcw
+
+RUN useradd --no-create-home --uid 1777 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
+USER pcw
+
 CMD ["python3", "cleanup_k8s.py"]
diff --git a/Dockerfile_k8s_dev b/Dockerfile_k8s_dev
index 6ed48f01..842793d2 100644
--- a/Dockerfile_k8s_dev
+++ b/Dockerfile_k8s_dev
@@ -14,4 +14,7 @@ ENV PATH ${PATH}:/opt/google-cloud-sdk/bin/
 
 WORKDIR /pcw
 
+RUN useradd --no-create-home --uid 1000 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
+USER pcw
+
 ENTRYPOINT ["sh", "-c"]