diff --git a/Dockerfile b/Dockerfile
index 4dc2390..6d3525d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,6 +16,8 @@ COPY nginx/nginx.conf /etc/nginx/nginx.conf
 COPY --from=builder /ng-app/dist /quotes/quotes/assets
+RUN addgroup -g 9999 lilia
+
 EXPOSE 80
 ENTRYPOINT ["nginx", "-g", "daemon off;"]
diff --git a/api/Dockerfile b/api/Dockerfile
index 9f89110..3e9833f 100644
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -5,6 +5,10 @@ COPY . .
 RUN pip install --no-cache-dir --requirement requirements.txt
+RUN addgroup -g 9999 lilia
+
 EXPOSE 5000
+USER nobody:lilia
+
 ENTRYPOINT ["python", "app.py"]
diff --git a/cms/Dockerfile b/cms/Dockerfile
index 60b56e0..f422f19 100644
--- a/cms/Dockerfile
+++ b/cms/Dockerfile
@@ -13,12 +13,18 @@ RUN sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php7/php.ini && \
 COPY php-fpm.conf /etc/php7/php-fpm.d/zz-docker.conf
-COPY grav /app/
+RUN addgroup -g 9999 lilia
+
+COPY --chown=nobody:lilia grav /app/
+
+USER nobody:lilia
 WORKDIR /app
 RUN php7 bin/gpm install admin form login email
 RUN php7 bin/grav install
+USER root:root
+
 EXPOSE 9000
-CMD ["php-fpm7", "--allow-to-run-as-root"]
+CMD ["php-fpm7"]
diff --git a/cms/php-fpm.conf b/cms/php-fpm.conf
index 84072ad..357063f 100644
--- a/cms/php-fpm.conf
+++ b/cms/php-fpm.conf
@@ -3,8 +3,8 @@ daemonize = no
 error_log = /proc/self/fd/2
 [www]
-user = root
-group = root
+user = nobody
+group = lilia
 listen = 9000
 clear_env = no
 catch_workers_output = yes
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 20b4c55..8bce9c4 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,4 +1,4 @@
-user nginx;
+user nginx lilia;
 worker_processes 1;
 error_log /var/log/nginx/error.log warn;
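Review bot: The pinned gid in `RUN addgroup -g 9999 lilia` (Dockerfile, repeated in api/Dockerfile and cms/Dockerfile) is undocumented, and the three copies plus `group = lilia` in cms/php-fpm.conf and `user nginx lilia;` in nginx/nginx.conf have to be kept in step by hand. A comment above each copy, e.g. `# shared gid 9999: must match api/, cms/ and the worker group in nginx.conf`, would record why the number is fixed and what breaks if one copy drifts. No `USER` is set in this hunk, so the nginx master presumably still starts as root and only the workers pick up the new group; the file's earlier lines are outside the hunk.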
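Review bot: `USER nobody:lilia` in api/Dockerfile runs the API under the generic `nobody` account and refers to it by name; a dedicated account with a fixed numeric UID is easier to audit, and an orchestrator's non-root check can verify a number without reading the image's passwd file. Assuming the base image ships BusyBox `adduser` (the `addgroup -g` syntax suggests it), the group step could become `RUN addgroup -g 9999 lilia && adduser -S -u 10001 -G lilia api` followed by `USER 10001:9999`, where the uid and the name `api` are placeholders. The files from the earlier `COPY . .` stay root-owned, which protects the code but means any path app.py writes at runtime needs an explicitly writable location; whether it writes anything is not visible here.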
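Review bot: `COPY --chown=nobody:lilia grav /app/` in cms/Dockerfile makes the whole Grav tree, PHP code included, owned by the account the php-fpm workers run as (`user = nobody` in cms/php-fpm.conf), so a file-write or upload flaw in the CMS could rewrite application code. Keeping the code root-owned and handing `nobody:lilia` only the directories Grav must write at runtime would limit that; the two `php7 bin/...` install steps would then run as root and be followed by a targeted `chown` of those directories. The hunk also ends on `USER root:root`, so the php-fpm master starts as root and relies on the pool config to drop privileges; since the pool listens on 9000 and logs to `/proc/self/fd/2`, it is worth testing whether `USER nobody:lilia` can remain the final user instead.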