diff --git a/Containerfile b/Containerfile
index 52cdcc6..53764f2 100644
--- a/Containerfile
+++ b/Containerfile
@@ -18,8 +18,20 @@ RUN mkdir -p /usr/local/share/imapfilter
 COPY --from=builder /src/imapfilter/src/imapfilter /usr/local/bin/
 COPY --from=builder /src/imapfilter/src/*.lua /usr/local/share/imapfilter/
+
+# ensure every user can run imapfilter
+RUN chmod a+x /usr/local/bin/imapfilter
+
 ADD scripts/entryPoint.sh /entryPoint.sh
 RUN chmod +x /entryPoint.sh
+# add a user for running imapfilter in the container
+RUN addgroup imapfilter && adduser -D -G imapfilter imapfilter
+# ensure a homedirectory for the user exists and has correct access rights
+RUN mkdir -p /home/imapfilter && chown imapfilter.imapfilter /home/imapfilter
+
+# run everything as the imapfilter user
+USER imapfilter
+
 ENTRYPOINT ["/sbin/tini", "--", "/entryPoint.sh"]
\ No newline at end of file
diff --git a/scripts/entryPoint.sh b/scripts/entryPoint.sh
index 4b3a30e..abcde20 100755
--- a/scripts/entryPoint.sh
+++ b/scripts/entryPoint.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
-export IMAPFILTER_HOME=/imapfilter/
+export IMAPFILTER_HOME=/home/imapfilter/
 if [ ! -e ${IMAPFILTER_HOME}/config.lua ]; then
- echo "please provide a config.lua from a configmap"
+ echo "please provide a config.lua from a configmap or bindmount to ${IMAPFILTER_HOME}/config.lua"
 exit 255
 fi
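Review bot: In the Containerfile hunk, `USER imapfilter` names the account and `addgroup`/`adduser` let the base image choose the ids, so the uid the process runs under is not fixed by the image. Kubernetes cannot verify `runAsNonRoot: true` against a non-numeric image user and refuses to start the container, and unpinned ids make it hard to match the ownership of a mounted config.lua. Pin the ids and switch to a numeric user, for example `RUN addgroup -g 1000 imapfilter && adduser -D -u 1000 -G imapfilter imapfilter` and `USER 1000:1000` (1000 is an example value, not taken from the project). As a style point, `chown imapfilter.imapfilter` uses the legacy dot separator; `imapfilter:imapfilter` is the documented form.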
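Review bot: The `-e` test on `${IMAPFILTER_HOME}/config.lua` in scripts/entryPoint.sh only proves the file exists, which is no longer sufficient now that the container runs as the unprivileged `imapfilter` user. A bind-mounted or projected config that is root-owned with a restrictive mode (likely, since it normally holds IMAP credentials) passes the check and would presumably only fail later inside imapfilter. Test readability and quote the expansion: `if [ ! -r "${IMAPFILTER_HOME}/config.lua" ]; then`. Because `IMAPFILTER_HOME` ends in `/`, the new message prints `/home/imapfilter//config.lua`; dropping the trailing slash from the export avoids that. The script continues beyond this hunk.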