diff --git a/docker-compose.yml b/docker-compose.yml
index 48728ae..5c9ed46 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,7 +12,7 @@ services:
 - YARN=false
 volumes:
 - ../:/opt/app
- entrypoint: run-nodock "node index.js"
+ entrypoint: run-nodock "sleep infinity"
 tty: true
 mysql:
diff --git a/node/Dockerfile b/node/Dockerfile
index b16573d..c3b962b 100644
--- a/node/Dockerfile
+++ b/node/Dockerfile
@@ -31,6 +31,8 @@ RUN if [ ${YARN} = true ]; then \
 COPY scripts/run-nodock.sh /usr/bin/run-nodock
-RUN chmod 700 /usr/bin/run-nodock
+RUN chmod 777 /usr/bin/run-nodock
+
+USER www-app
 WORKDIR /opt/app
diff --git a/workspace/Dockerfile b/workspace/Dockerfile
index 19fe2fb..7701b00 100644
--- a/workspace/Dockerfile
+++ b/workspace/Dockerfile
@@ -7,6 +7,7 @@ RUN apt-get update && \
 iputils-ping && \
 npm install -g n
+
 ##
 ## Timezone
 ##
@@ -33,7 +34,25 @@ RUN npm i -g yarn
 COPY ./crontab /var/spool/cron/crontabs
+USER root
+
 WORKDIR /opt/app
+RUN chmod -R 777 /opt/app
+
+# Add a non-root user to prevent files being created with root permissions on host machine.
+ARG PUID=1000
+ENV PUID ${PUID}
+ARG PGID=1000
+ENV PGID ${PGID}
+
+# always run apt update when start and after add new source list, then clean up at end.
+RUN groupadd -g ${PGID} nodock && \
+ useradd -u ${PUID} -g nodock -m nodock -G doker_env && \
+ usermod -p "*" nodock
+
+RUN chown -R nodock:nodock /opt/app
+
+USER nodock
-ENTRYPOINT sleep infinity
\ No newline at end of file
+ENTRYPOINT sleep infinity
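Review bot: In node/Dockerfile, `RUN chmod 777 /usr/bin/run-nodock` makes the entrypoint script writable by every user in the container, including the unprivileged `www-app` account the same hunk switches to. Any process running as that user could then rewrite the script that is executed at each container start, which undoes much of the benefit of dropping root. Read and execute permission for others is all `www-app` needs: `RUN chmod 755 /usr/bin/run-nodock`, or `COPY --chmod=755 scripts/run-nodock.sh /usr/bin/run-nodock` with BuildKit. The creation of `www-app` is not visible in this hunk, so confirm the account exists earlier in the file before `USER www-app`.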
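Review bot: In the second workspace/Dockerfile hunk, `RUN chmod -R 777 /opt/app` leaves the application directory world-writable and is made redundant by `RUN chown -R nodock:nodock /opt/app` a few lines below; drop the chmod and keep the chown. In the `useradd` line, `-G doker_env` looks like a misspelling, and no `groupadd` for that group is visible in this hunk, so `useradd` would fail the build unless the group is created earlier in the file. The comment above `groupadd` talks about apt and does not describe the step; something like `# Create the nodock user and group with the host's UID/GID` would match the code. `ENTRYPOINT sleep infinity` is shell form, so `sleep` runs under `/bin/sh -c` and may not receive the stop signal directly; `ENTRYPOINT ["sleep", "infinity"]` avoids that.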