diff --git a/Dockerfile b/Dockerfile
index 9b4028d..a041e7d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,8 +12,6 @@ RUN chown nobody:nogroup /data
 COPY mover.sh /mover.sh
 COPY entrypoint.sh /entrypoint.sh
-# Switch user
-USER nobody
 WORKDIR /tmp
 ENTRYPOINT [ "/tini", "--", "/entrypoint.sh" ]
diff --git a/entrypoint.sh b/entrypoint.sh
index 45113e1..c61965a 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -9,11 +9,13 @@ export INCOMING="${INCOMING:-${SHARED_WARCS_DIR}/incoming/}"
 export UPLOAD_QUEUE="${UPLOAD_QUEUE:-${SHARED_WARCS_DIR}/upload-queue/}"
 mkdir -pv "${INCOMING}"
+chown nobody:nogroup "${INCOMING}"
 mkdir -pv "${UPLOAD_QUEUE}"
+chown nobody:nogroup "${UPLOAD_QUEUE}"
 case "$1" in
 "mover")
- /mover.sh
+ setpriv --reuid=nobody --regid=nogroup --init-groups --inh-caps=-all /mover.sh
 ;;
 esac
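Review bot: The new `setpriv` line in the `"mover")` branch of entrypoint.sh changes the UID and GID and clears the inheritable capabilities, but it leaves the capability bounding set intact and does not set no_new_privs, so a setuid or file-capability binary reachable from /mover.sh could still regain privilege. It is also started as a child rather than with `exec`, which leaves the root shell alive as the process tini signals. Consider `exec setpriv --reuid=nobody --regid=nogroup --init-groups --inh-caps=-all --bounding-set=-all --no-new-privs /mover.sh`, assuming mover.sh needs no privileged helper (it is not visible here). Because the Dockerfile hunk removes `USER nobody`, this line is now the only privilege drop in the image, and the two added `chown` calls run as root on paths taken from the environment; `chown -h nobody:nogroup "${INCOMING}"` (and the same for `UPLOAD_QUEUE`) would avoid following a symlink at that path if other writers can reach the shared directory. The script starts and ends outside the hunk, so whether `set -e` stops it when a `chown` fails cannot be seen from here.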