diff --git a/Dockerfile b/Dockerfile
index 716a371..4f8666e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,8 +8,15 @@ WORKDIR /app/proxy
 RUN go get
 RUN CGO_ENABLED=0 go build -o proxy -ldflags '-extldflags "-static" -w -s'  .
 
+RUN groupadd nonroot
+RUN useradd --gid nonroot nonroot
+
 FROM scratch
 
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+USER nonroot:nonroot
+
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=build /usr/share/tor/geoip* /usr/share/tor/