diff --git a/Dockerfile b/Dockerfile
index 4345650..b39d9b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -68,6 +68,9 @@ VOLUME ${DATA_PATH}
 EXPOSE 25565/tcp
 
 
+ENV GID=988
+ENV UID=999
+
 ENV MEMORY=4G
 ENV PROXY_SECRET=00000000-0000-0000-0000-000000000000
 
@@ -89,6 +92,13 @@ ENV SKINSRESTORER_DB_PASSWORD=0000
 WORKDIR ${WORKDIR_PATH}/config
 
 CMD \
+    # Create and switch to user with desired UID and GID.
+    # All processes that create/change files in ${DATA_PATH}
+    # must be run under this user.
+    groupadd -g ${GID} worker && \
+    useradd -M -g ${GID} -u ${UID} worker && \
+    chmod -R o-rwx ${WORKDIR_PATH} && \
+
     # Add proxy secret
     sed -i "s/_PROXY_SECRET_/${PROXY_SECRET}/g" config/paper-global.yml && \
 
@@ -109,5 +119,8 @@ CMD \
     sed -i "s/_SKINSRESTORER_DB_USERNAME_/${SKINSRESTORER_DB_USERNAME}/g" plugins/SkinsRestorer/config.yml && \
     sed -i "s/_SKINSRESTORER_DB_PASSWORD_/${SKINSRESTORER_DB_PASSWORD}/g" plugins/SkinsRestorer/config.yml && \
 
+    # Change UID and GID of used files to desired values.
+    chown -R worker:worker ${WORKDIR_PATH} && \
+
     # Launch
-    java -Xms${MEMORY} -Xmx${MEMORY} -jar *.jar -nogui
+    su worker -c "java -Xms${MEMORY} -Xmx${MEMORY} -jar *.jar -nogui"