diff --git a/mailbox/Dockerfile b/mailbox/Dockerfile
index 8d945cb..61ecef4 100644
--- a/mailbox/Dockerfile
+++ b/mailbox/Dockerfile
@@ -40,3 +40,33 @@ VOLUME /db
 # Expose port
 EXPOSE "${MW_MAILBOX_PORT}/${MW_MAILBOX_PROTO}"
+
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Add user and group so the command above and its
+# output will be owned by the specified uid:gid
+RUN grep -q ":${gid}:" /etc/group && { \
+ echo "Group ID ${gid} found"; \
+ } || { \
+ echo "Group ID ${gid} NOT found"; \
+ groupadd -g "${gid}" "${group}" && \
+ echo "Group ID ${gid} created"; \
+ }
+RUN id "${uid}" > /dev/null 2>&1 && { \
+ echo "User ID ${uid} found"; \
+ } || { \
+ echo "User ID ${uid} NOT found"; \
+ useradd -md "/home/${user}" -s /bin/bash -g "${group}" -u "${uid}" "${user}" && \
+ echo "User ID ${uid} created"; \
+ }
+
+# Fix ownership
+RUN chown -R ${user}:${group} /app /db
+
+# Switch to non-root user
+USER ${user}
+WORKDIR /app
diff --git a/relay/Dockerfile b/relay/Dockerfile
index 2cc8cbb..920b95f 100644
--- a/relay/Dockerfile
+++ b/relay/Dockerfile
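Review bot: In mailbox/Dockerfile the two "found" branches skip creation, but the later lines still refer to the account by name: `useradd -g "${group}"`, `RUN chown -R ${user}:${group} /app /db` and `USER ${user}` all need `appgroup` and `appuser` to exist. If the base image already has gid or uid 1000 under a different name, or the build overrides `uid`/`gid` with ids that are already taken, the build fails at `useradd` or `chown` and the non-root switch is likely to be dropped as a workaround. Using the numeric ids makes the result independent of names: `-g "${gid}"` in `useradd`, `RUN chown -R "${uid}:${gid}" /app /db`, and `USER ${uid}:${gid}`, which also lets a runtime that checks for a non-root uid verify it. The relay and wormhole hunks carry the same lines.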
@@ -37,3 +37,33 @@ VOLUME /db
 # Expose ports
 EXPOSE "${MW_RELAY_PORT}/${MW_RELAY_PROTO}" "${MW_RELAY_WS_PORT}/${MW_RELAY_WS_PROTO}"
+
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Add user and group so the command above and its
+# output will be owned by the specified uid:gid
+RUN grep -q ":${gid}:" /etc/group && { \
+ echo "Group ID ${gid} found"; \
+ } || { \
+ echo "Group ID ${gid} NOT found"; \
+ groupadd -g "${gid}" "${group}" && \
+ echo "Group ID ${gid} created"; \
+ }
+RUN id "${uid}" > /dev/null 2>&1 && { \
+ echo "User ID ${uid} found"; \
+ } || { \
+ echo "User ID ${uid} NOT found"; \
+ useradd -md "/home/${user}" -s /bin/bash -g "${group}" -u "${uid}" "${user}" && \
+ echo "User ID ${uid} created"; \
+ }
+
+# Fix ownership
+RUN chown -R ${user}:${group} /app /db
+
+# Switch to non-root user
+USER ${user}
+WORKDIR /app
diff --git a/wormhole/Dockerfile b/wormhole/Dockerfile
index 68d20fe..1f0cc63 100644
--- a/wormhole/Dockerfile
+++ b/wormhole/Dockerfile
@@ -22,4 +22,32 @@ RUN pip install \
 # Default command to start the application
 CMD wormhole
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Add user and group so the command above and its
+# output will be owned by the specified uid:gid
+RUN grep -q ":${gid}:" /etc/group && { \
+ echo "Group ID ${gid} found"; \
+ } || { \
+ echo "Group ID ${gid} NOT found"; \
+ groupadd -g "${gid}" "${group}" && \
+ echo "Group ID ${gid} created"; \
+ }
+RUN id "${uid}" > /dev/null 2>&1 && { \
+ echo "User ID ${uid} found"; \
+ } || { \
+ echo "User ID ${uid} NOT found"; \
+ useradd -md "/home/${user}" -s /bin/bash -g "${group}" -u "${uid}" "${user}" && \
+ echo "User ID ${uid} created"; \
+ }
+
+# Fix ownership
+RUN chown -R ${user}:${group} /app
+
+# Switch to non-root user
+USER ${user}
 WORKDIR /app
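Review bot: In relay/Dockerfile, `RUN chown -R ${user}:${group} /app /db` runs after `VOLUME /db`, which the hunk header text suggests is declared just above the added lines. Docker documents that build steps which change a volume's contents after its declaration may be discarded (the legacy builder and BuildKit differ here), so `/db` can remain root-owned in the final image and the service, now running as `${user}`, would be unable to write its database. Consider moving the `VOLUME /db` declaration below the ownership fix, or creating `/db` with the intended owner before it is declared; that part of the file lies outside the hunk. The mailbox hunk has the same ordering.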
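Review bot: In wormhole/Dockerfile, `useradd -md "/home/${user}" -s /bin/bash` gives the runtime account a home directory and an interactive login shell, which an image whose only job is `CMD wormhole` presumably does not need. A service account without a login shell keeps the account closer to least privilege, for example `-s /usr/sbin/nologin` in place of `-s /bin/bash` (the nologin path depends on the base image, which is not visible here). If the application stores per-user state under `$HOME`, keep `-m` and change only the shell. The same `useradd` line appears in the mailbox and relay hunks.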