diff --git a/Dockerfile b/Dockerfile index 13d148b..9bb3faf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,6 @@ ARG HARDENED_MALLOC_VERSION=11 ARG UID=991 ARG GID=991 - ### Build Hardened Malloc FROM alpine:latest as build-malloc @@ -80,7 +79,6 @@ RUN pip install --upgrade pip \ RUN --mount=type=cache,target=/root/.cache/pip \ pip install supervisor~=4.2 -RUN mkdir -p /etc/supervisor/conf.d RUN pip install Jinja2 @@ -92,6 +90,8 @@ COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx COPY --from=deps_base /etc/nginx /etc/nginx RUN chown www-data /var/lib/nginx +RUN mkdir /var/lib/nginx/logs/ +RUN chown 991:www-data /var/lib/nginx/logs/ RUN ln -sf /dev/stdout /var/log/nginx/access.log RUN ln -sf /dev/stderr /var/log/nginx/error.log @@ -105,8 +105,25 @@ COPY ./rootfs/conf-workers/* /conf/ COPY ./rootfs/configure_workers_and_start.py /configure_workers_and_start.py COPY ./prefix-log /usr/local/bin/ +RUN chown -R synapse:synapse /conf/ +RUN chown -R synapse:www-data /etc/nginx +RUN chown synapse:synapse /usr/local/lib/libhardened_malloc.so + +RUN mkdir -p /etc/supervisor/conf.d +RUN mkdir -p /etc/nginx/conf.d +RUN chown -R synapse:www-data /etc/nginx + +RUN mkdir -p /health/ +RUN chown -R synapse:synapse /health/ + +RUN chown -R synapse:synapse /etc/supervisor + +RUN chmod +x /usr/local/bin/prefix-log + RUN chmod 755 /start.py +RUN chown synapse:synapse / + ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so" USER synapse @@ -115,7 +132,7 @@ VOLUME /data EXPOSE 8008/tcp -ENTRYPOINT ["/configure_workers_and_start.py"] +CMD ["python3", "/configure_workers_and_start.py"] HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ CMD /bin/sh /healthcheck.sh \ No newline at end of file diff --git a/rootfs/conf-workers/supervisord.conf.j2 b/rootfs/conf-workers/supervisord.conf.j2 index 648254e..be8b96e 100644 --- a/rootfs/conf-workers/supervisord.conf.j2 +++ b/rootfs/conf-workers/supervisord.conf.j2 
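Review bot: In the `@@ -92,6 +90,8 @@` hunk, `RUN chown 991:www-data /var/lib/nginx/logs/` hard-codes the numeric id even though the file declares `ARG UID=991` and the later chown lines use the `synapse` name. If the account is created from that build argument (not visible in this hunk), a build with a different `--build-arg UID` would leave the nginx log directory owned by an id that is not the runtime user, and nginx would fail to write there. Using the name keeps it consistent and saves a layer: `RUN mkdir /var/lib/nginx/logs/ && chown synapse:www-data /var/lib/nginx/logs/`. This assumes the `synapse` user already exists in this stage; otherwise re-declare `ARG UID` in the stage and use `${UID}`.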
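Review bot: In the `@@ -105,8 +105,25 @@` hunk, `RUN chown synapse:synapse /` and `RUN chown synapse:synapse /usr/local/lib/libhardened_malloc.so` give the runtime user ownership of the filesystem root and of the library that `LD_PRELOAD` loads into every process. A compromised Synapse or nginx worker could then replace `/start.py`, `/configure_workers_and_start.py` or the allocator itself, which defeats much of the point of dropping root. The recursive chown of `/conf/`, `/etc/nginx` and `/etc/supervisor` has the same effect on templates and configuration, and `RUN chown -R synapse:www-data /etc/nginx` appears twice. Keeping code, templates and the preload library root-owned and handing `synapse` only the directories written at start-up would keep least privilege; the list in the sketch below is a guess and needs checking against `configure_workers_and_start.py`, which is not part of this diff. One combined `RUN` also avoids a layer per chown.

```dockerfile
# … unchanged: COPY of ./rootfs/conf-workers, configure_workers_and_start.py and prefix-log …
# Code, templates and the preloaded allocator stay root-owned; the runtime
# user gets only the directories written at start-up (list to be confirmed
# against configure_workers_and_start.py).
RUN mkdir -p /etc/supervisor/conf.d /etc/nginx/conf.d /health \
    && chown -R synapse:synapse /etc/supervisor/conf.d /health \
    && chown -R synapse:www-data /etc/nginx/conf.d \
    && chmod +x /usr/local/bin/prefix-log
# … unchanged: RUN chmod 755 /start.py, ENV LD_PRELOAD, USER synapse …
```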
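Review bot: In the `@@ -115,7 +132,7 @@` hunk, switching from `ENTRYPOINT` to `CMD ["python3", "/configure_workers_and_start.py"]` means any command passed to `docker run` or a compose `command:` now replaces the start script instead of being handed to it as arguments. The worker and nginx configuration step is then skipped without any error. If that override is intended, a comment above the line would record it, for example `# CMD rather than ENTRYPOINT: a command given at run time replaces the start script`. If it is not intended, `ENTRYPOINT ["python3", "/configure_workers_and_start.py"]` keeps the explicit interpreter without changing how arguments are treated.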
@@ -3,7 +3,12 @@ # that have been selected. [supervisord] nodaemon=true -user=root +user=synapse +pidfile=/tmp/supervisord.pid +directory=/tmp +childlogdir=/tmp +logfile=/dev/stdout +logfile_maxbytes=0 [include] files = /etc/supervisor/conf.d/*.conf
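Review bot: `pidfile=/tmp/supervisord.pid`, `directory=/tmp` and `childlogdir=/tmp` put supervisord's pid file, working directory and child logs in a world-writable location. With every process in the container running as `synapse` this is mostly hygiene, but a dedicated directory owned by `synapse` (created in the Dockerfile the way `/health/` is) stops other processes pre-creating or replacing those files and keeps the state in one place. It would also help to say why rotation is disabled, since the setting looks odd on its own: `# logfile_maxbytes=0 turns rotation off, which is required when logging to /dev/stdout`.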