diff --git a/debian/Dockerfile b/debian/Dockerfile
index f624ec50..b51fbcc0 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -53,7 +53,9 @@ ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/
 
 RUN groupadd --system --gid 636 apisix \
     && useradd --system --gid apisix --no-create-home --shell /usr/sbin/nologin --uid 636 apisix \
-    && chown -R apisix:apisix /usr/local/apisix
+    && chown -R apisix:apisix /usr/local/apisix \
+    && chgrp -R 0 /usr/local/apisix \
+    && chmod -R g=u /usr/local/apisix
 
 USER apisix
 
diff --git a/redhat/Dockerfile b/redhat/Dockerfile
index 7ef439bd..f6b4dcf9 100644
--- a/redhat/Dockerfile
+++ b/redhat/Dockerfile
@@ -35,11 +35,19 @@ WORKDIR /usr/local/apisix
 
 ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
 
+RUN groupadd --system --gid 636 apisix \
+    && useradd --system --gid apisix --no-create-home --shell /usr/sbin/nologin --uid 636 apisix \
+    && chown -R apisix:apisix /usr/local/apisix \
+    && chgrp -R 0 /usr/local/apisix \
+    && chmod -R g=u /usr/local/apisix
+
 # forward request and error logs to docker log collector
 RUN ln -sf /dev/stdout /usr/local/apisix/logs/access.log \
     && ln -sf /dev/stderr /usr/local/apisix/logs/error.log \
     && rm /usr/local/openresty/bin/etcdctl
 
+USER apisix
+
 EXPOSE 9080 9443
 
 COPY ./docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/ubuntu/Dockerfile b/ubuntu/Dockerfile
index 98cc717e..cd0f3e66 100644
--- a/ubuntu/Dockerfile
+++ b/ubuntu/Dockerfile
@@ -53,7 +53,9 @@ ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/
 
 RUN groupadd --system --gid 636 apisix \
     && useradd --system --gid apisix --no-create-home --shell /usr/sbin/nologin --uid 636 apisix \
-    && chown -R apisix:apisix /usr/local/apisix
+    && chown -R apisix:apisix /usr/local/apisix \
+    && chgrp -R 0 /usr/local/apisix \
+    && chmod -R g=u /usr/local/apisix
 
 USER apisix