diff --git a/support/build.Dockerfile b/support/build.Dockerfile
index 4f3b04d..735c937 100644
--- a/support/build.Dockerfile
+++ b/support/build.Dockerfile
@@ -5,10 +5,11 @@ RUN make
 FROM docker.io/library/alpine:3.20
 ENV UID="1000" GID="1000" HOST="0.0.0.0" PORT="8001" PREFIX="/" FOLLOW_SYMLINKS="false" SKIP_HIDDEN_FILES="true" DATADIR="/shared" READONLY="false" VERB="false"
+COPY --from=builder /gossaSrc/gossa /gossa
 RUN addgroup -g ${GID} user \
 && adduser -D -u ${UID} -G user user
-COPY --from=builder /gossaSrc/gossa /gossa
+WORKDIR ${DATADIR}
+RUN chown ${UID}:${GID} ${DATADIR}
 USER ${UID}:${GID}
-WORKDIR /home/user/${DATADIR}
 ENTRYPOINT /gossa -h ${HOST} -p ${PORT} -k=${SKIP_HIDDEN_FILES} -ro=${READONLY} --symlinks=${FOLLOW_SYMLINKS} --prefix=${PREFIX} --verb=${VERB} ${DATADIR}
 HEALTHCHECK --timeout=5s --start-period=5s --retries=3 CMD wget --no-verbose --tries=1 --spider 127.0.0.1:8001 || exit 1
\ No newline at end of file
diff --git a/support/docker-compose.yml b/support/docker-compose.yml
index ac4ab8b..1a7b3b5 100644
--- a/support/docker-compose.yml
+++ b/support/docker-compose.yml
@@ -8,10 +8,11 @@ services:
 read_only: true
 # uncomment to set the user
 # user: "1000:1000"
+ # userns_mode: "keep-id" # uncomment if using rootless podman as well as the x-podman directive at the bottom
 # environment:
 #- READONLY=true # uncomment to set gossa as read only
- #- UID=1000 # this should match the user set above
- #- GID=1000 # this should match the user's group
+ # - UID=1000 # this should match the user set above
+ # - GID=1000 # this should match the user's group
 cap_drop:
 - ALL
 cap_add:
@@ -33,3 +34,6 @@ services:
 # - "traefik.port=8001"
 # - "traefik.backend=gossa"
 # - "traefik.frontend.rule=Host:${GOSSA}.${DOMAIN}"
+
+# x-podman: # uncomment if using rootless podman as well as the userns_mode directive at the top
+# in_pod: false
\ No newline at end of file
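Review bot: In support/build.Dockerfile the added `WORKDIR ${DATADIR}` and `RUN chown ${UID}:${GID} ${DATADIR}` are resolved once at build time, while the shell-form `ENTRYPOINT` expands `${DATADIR}` when the container starts, so a run-time override of `DATADIR`, `UID` or `GID` points gossa at a path the image neither created nor chowned and does not change the image's `USER`. The same applies to the `# - UID=1000` / `# - GID=1000` lines touched in the first support/docker-compose.yml hunk: as far as these lines show, only `user:` changes the account the process runs as, and a `user:` that differs from the built-in 1000:1000 will not own `/shared` unless the mounted volume is owned accordingly. I would say so next to the chown, e.g. `# UID, GID and DATADIR are baked in at build time; changing them with -e or compose environment: does not re-own this directory or switch the user`, and consider declaring UID and GID as `ARG` so they stop looking like run-time settings. The builder stage this stage copies from lies outside the hunk.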