diff --git a/Dockerfile b/Dockerfile
index 0f0eefe1..bd91cd16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 # base image
 FROM pelias/baseimage
+RUN useradd -ms /bin/bash pelias
+USER pelias
 
 # maintainer information
 LABEL maintainer="pelias.team@gmail.com"
@@ -7,23 +9,17 @@ LABEL maintainer="pelias.team@gmail.com"
 EXPOSE 3100
 
 # Where the app is built and run inside the docker fs
-ENV WORK=/opt/pelias
+ENV WORK=/home/pelias
+WORKDIR ${WORK}
 
-# Used indirectly for saving npm logs etc.
-ENV HOME=/opt/pelias
+# copy package.json first to prevent npm install being rerun when only code changes
+COPY ./package.json ${WORK}
+RUN npm install
 
-WORKDIR ${WORK}
 COPY . ${WORK}
 
-# Build and set permissions for arbitrary non-root user
-RUN npm install && \
-  npm test && \
-  chmod -R a+rwX .
-
-# Don't run as root, because there's no reason to (https://docs.docker.com/engine/articles/dockerfile_best-practices/#user).
-# This also reveals permission problems on local Docker.
-RUN chown -R 9999:9999 ${WORK}
-USER 9999
+# only allow containers to succeed if tests pass
+RUN npm test
 
 # start service
 CMD [ "npm", "start" ]