diff --git a/Dockerfile b/Dockerfile
index 3c057d67..46669c5e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,21 +39,24 @@ RUN pip install --target=/dependencies playwright~=1.41.2 \
 FROM python:${PYTHON_VERSION}-slim-bookworm
 LABEL org.opencontainers.image.source="https://github.com/dgtlmoon/changedetection.io"
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    libxslt1.1 \
-    # For presenting price amounts correctly in the restock/price detection overview
-    locales \
-    # For pdftohtml
-    poppler-utils \
-    zlib1g \
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
-
+RUN set -ex; \
+    apt-get update && apt-get install -y --no-install-recommends \
+        gosu \
+        libxslt1.1 \
+        # For presenting price amounts correctly in the restock/price detection overview
+        locales \
+        # For pdftohtml
+        poppler-utils \
+        zlib1g && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*; \
+    useradd -u 911 -U -d /datastore -s /bin/false abc && \
+    usermod -G users abc; \
+    mkdir -p /datastore
 
 # https://stackoverflow.com/questions/58701233/docker-logs-erroneously-appears-empty-until-container-stops
 ENV PYTHONUNBUFFERED=1
 
-RUN [ ! -d "/datastore" ] && mkdir /datastore
-
 # Re #80, sets SECLEVEL=1 in openssl.conf to allow monitoring sites with weak/old cipher suites
 RUN sed -i 's/^CipherString = .*/CipherString = DEFAULT@SECLEVEL=1/' /etc/ssl/openssl.cnf
 
@@ -63,6 +66,10 @@ ENV PYTHONPATH=/usr/local
 
 EXPOSE 5000
 
+# The entrypoint script handling PUID/PGID and permissions
+COPY docker-entrypoint.sh /app/docker-entrypoint.sh
+RUN chmod u+x /app/docker-entrypoint.sh
+
 # The actual flask app module
 COPY changedetectionio /app/changedetectionio
 # Starting wrapper
@@ -74,6 +81,4 @@ ARG LOGGER_LEVEL=''
 ENV LOGGER_LEVEL "$LOGGER_LEVEL"
 
 WORKDIR /app
-CMD ["python", "./changedetection.py", "-d", "/datastore"]
-
-
+CMD ["/app/docker-entrypoint.sh"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100644
index 00000000..88af0d44
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+PUID=${PUID:-911}
+PGID=${PGID:-911}
+
+groupmod -o -g "$PGID" abc
+usermod -o -u "$PUID" abc
+
+chown -R abc:abc /datastore
+
+exec gosu abc:abc python ./changedetection.py -d /datastore