diff --git a/.github/workflows/deployment-docker-image.yml b/.github/workflows/deployment-docker-image.yml
index 80e99e68a..c96cf1a1b 100644
--- a/.github/workflows/deployment-docker-image.yml
+++ b/.github/workflows/deployment-docker-image.yml
@@ -104,7 +104,7 @@ jobs:
 NEXT_VERSION: ${{ needs.release.outputs.version }}
 DEPLOY_LATEST: ${{ github.ref_name == 'main' }}
 DEPLOY_BETA: ${{ github.ref_name == 'beta' }}
- PUSH_IMAGE: ${{ github.event_name != 'workflow_dispatch' || github.events.inputs.push-image == 'true' }}
+ PUSH_IMAGE: ${{ github.event_name != 'workflow_dispatch' || github.events.inputs.push-image == true }}
 steps:
 - uses: actions/checkout@v4
 - name: Discord notification
diff --git a/Dockerfile b/Dockerfile
index 6b0ea4e63..3e6f04281 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ FROM base AS runner
 WORKDIR /app
 # gettext is required for envsubst
-RUN apk add --no-cache redis nginx bash gettext
+RUN apk add --no-cache redis nginx bash gettext su-exec
 RUN mkdir /appdata
 VOLUME /appdata
 RUN mkdir /secrets
@@ -43,14 +43,12 @@ RUN echo $'#!/bin/bash\ncd /app/apps/cli && node ./cli.cjs "$@"' > /usr/bin/homa
 RUN chmod +x /usr/bin/homarr
 # Don't run production as root
-RUN chown -R nextjs:nodejs /appdata
 RUN chown -R nextjs:nodejs /secrets
 RUN mkdir -p /var/cache/nginx && chown -R nextjs:nodejs /var/cache/nginx && \
 mkdir -p /var/log/nginx && chown -R nextjs:nodejs /var/log/nginx && \
 mkdir -p /var/lib/nginx && chown -R nextjs:nodejs /var/lib/nginx && \
 touch /run/nginx/nginx.pid && chown -R nextjs:nodejs /run/nginx/nginx.pid && \
 mkdir -p /etc/nginx/templates /etc/nginx/ssl/certs && chown -R nextjs:nodejs /etc/nginx
-USER nextjs
 COPY --from=builder /app/apps/nextjs/next.config.mjs .
 COPY --from=builder /app/apps/nextjs/package.json .
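Review bot: The `PUSH_IMAGE` expression reads `github.events.inputs.push-image`, but the context is `github.event` (singular), so this lookup yields an empty value and the right-hand comparison is false on every `workflow_dispatch` run, with or without the quotes around `true`. Values under `github.event.inputs` are strings, while the `inputs` context keeps boolean inputs as booleans, so the unquoted comparison should read `inputs.push-image == true` (or stay quoted as `github.event.inputs.push-image == 'true'`). The declared type of the `push-image` input is outside this hunk, so confirm it is `type: boolean` before choosing. Because this flag gates whether a built image is published, a comment above it such as `# manual runs push only when the push-image input is checked` would make the intended default explicit.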
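Review bot: With `USER nextjs` removed in the `@@ -43,14 +43,12 @@` hunk, the image's configured user is root, and the retained comment `# Don't run production as root` no longer describes what the lines under it do. The privilege drop now depends entirely on `/app/entrypoint.sh` being the entrypoint, so a start that overrides it (`docker run --entrypoint`, a Kubernetes `command:`) or a `docker exec` session runs as root, and scanners that check for a non-root `USER` will flag the image. I would reword the comment to something like `# Starts as root so entrypoint.sh can chown the /appdata volume; it then drops to nextjs via su-exec` and state the override caveat in the deployment docs.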
@@ -67,6 +65,8 @@ COPY --from=builder --chown=nextjs:nodejs /app/apps/nextjs/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/apps/nextjs/.next/static ./apps/nextjs/.next/static
 COPY --from=builder --chown=nextjs:nodejs /app/apps/nextjs/public ./apps/nextjs/public
 COPY --chown=nextjs:nodejs scripts/run.sh ./run.sh
+COPY scripts/entrypoint.sh ./entrypoint.sh
+RUN chmod +x ./entrypoint.sh
 COPY --chown=nextjs:nodejs scripts/generateRandomSecureKey.js ./generateRandomSecureKey.js
 COPY --chown=nextjs:nodejs packages/redis/redis.conf /app/redis.conf
 COPY --chown=nextjs:nodejs nginx.conf /etc/nginx/templates/nginx.conf
@@ -77,4 +77,5 @@ ENV DB_DIALECT='sqlite'
 ENV DB_DRIVER='better-sqlite3'
 ENV AUTH_PROVIDERS='credentials'
+ENTRYPOINT [ "/app/entrypoint.sh" ]
 CMD ["sh", "run.sh"]
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
new file mode 100644
index 000000000..59a5589df
--- /dev/null
+++ b/scripts/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# Creating folders in volume
+mkdir -p /appdata/db
+mkdir -p /appdata/redis
+
+chown -R nextjs:nodejs /appdata
+
+su-exec 1001:1001 "$@"
\ No newline at end of file
diff --git a/scripts/run.sh b/scripts/run.sh
index d22536ff2..2ba89cdff 100644
--- a/scripts/run.sh
+++ b/scripts/run.sh
@@ -1,7 +1,3 @@
-# Creating folders in volume
-mkdir -p /appdata/db
-mkdir -p /appdata/redis
-
 # Run migrations
 if [ $DB_MIGRATIONS_DISABLED = "true" ]; then
 echo "DB migrations are disabled, skipping"
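Review bot: `entrypoint.sh` is the one script here that executes as root on every container start, so copying it without `--chown` (root-owned) is the right call, but next to the `--chown=nextjs:nodejs` lines it reads like an oversight. A comment such as `# root-owned on purpose: runs as root before the su-exec drop` would keep a later cleanup from handing it to `nextjs`. The two added lines can also be a single layer with `COPY --chmod=755 scripts/entrypoint.sh ./entrypoint.sh` when building with BuildKit. Whether `/app` itself is writable by `nextjs` is not visible in this hunk and is worth checking, since a writable parent directory would let that user replace the script.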
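Review bot: The last line of `scripts/entrypoint.sh`, `su-exec 1001:1001 "$@"`, runs without `exec`, so the `/bin/sh` wrapper stays as PID 1 and the runtime's stop signal is delivered to the shell instead of the application. It also hard-codes `1001:1001` while the `chown` above it uses `nextjs:nodejs`; if those IDs ever diverge the process runs as an account that does not own `/appdata`, so the names should be used in both places. Under `set -e` the `mkdir`/`chown` steps abort the container when it is started as a non-root user (`--user`, `runAsNonRoot`), and the recursive `chown` rewrites ownership of a bind-mounted host directory on each start, which deserves a comment. Guarding the root-only work with a UID check, as sketched below, addresses the first three points.

```shell
# … unchanged: shebang and set -e …
if [ "$(id -u)" = "0" ]; then
    # Root-only setup: create the volume folders and hand them to the app user.
    # Note: on a bind mount this changes ownership of the host directory.
    mkdir -p /appdata/db /appdata/redis
    chown -R nextjs:nodejs /appdata
    exec su-exec nextjs:nodejs "$@"
fi

# Already non-root (e.g. started with --user): the volume must be writable as-is.
exec "$@"
```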