diff --git a/dbrepo-data-service/Dockerfile b/dbrepo-data-service/Dockerfile
index d4016836d91bf88f09ad60279689d9b16b5d9bb8..806908a8affe8d64b0aa3d6927418eaed8cd1e1e 100644
--- a/dbrepo-data-service/Dockerfile
+++ b/dbrepo-data-service/Dockerfile
@@ -28,9 +28,9 @@ RUN apk add --no-cache curl bash jq
 WORKDIR /app
-USER 65534
+USER 1001
-COPY --from=build --chown=65534 ./rest-service/target/rest-service-*.jar ./data-service.jar
+COPY --from=build --chown=1001 ./rest-service/target/rest-service-*.jar ./data-service.jar
 # non-root port
 EXPOSE 8080
diff --git a/dbrepo-metadata-service/Dockerfile b/dbrepo-metadata-service/Dockerfile
index 75fe485c16073094c202a476cd55ddf5c6fb84e7..1a37bf7e7e0a87c9c4e9caac814f005b3847badf 100644
--- a/dbrepo-metadata-service/Dockerfile
+++ b/dbrepo-metadata-service/Dockerfile
@@ -34,9 +34,9 @@ RUN apk add --no-cache curl bash jq
 WORKDIR /app
-USER 65534
+USER 1001
-COPY --from=build --chown=65534 ./rest-service/target/dbrepo-metadata-service-rest-service-*.jar ./metadata-service.jar
+COPY --from=build --chown=1001 ./rest-service/target/dbrepo-metadata-service-rest-service-*.jar ./metadata-service.jar
 # non-root port
 EXPOSE 8080
diff --git a/dbrepo-ui/Dockerfile b/dbrepo-ui/Dockerfile
index 4604261abf0224bffac33edf948c7451e9937789..d7b63d8f89b577a05878eb591b40f171e9431e0e 100644
--- a/dbrepo-ui/Dockerfile
+++ b/dbrepo-ui/Dockerfile
@@ -1,10 +1,8 @@
-FROM oven/bun:1.0.26-alpine as build
-MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
+FROM oven/bun:1.0.26-alpine AS build
 WORKDIR /app
 COPY ./package.json ./package.json
-COPY ./bun.lockb ./bun.lockb
 RUN bun install
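Review bot: `--chown=1001` on the COPY makes the service jar owned by, and writable for, the same UID the process runs as, so a compromised service process could overwrite its own artifact wherever the root filesystem is not mounted read-only. Dropping the ownership change keeps the jar root-owned and still readable by `USER 1001`: `COPY --from=build ./rest-service/target/rest-service-*.jar ./data-service.jar`. The COPY in the dbrepo-metadata-service hunk has the same issue. Whatever securityContext the chart sets for these two services presumably has to use `runAsUser: 1001` to match, but that part of the chart is not in this diff.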
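Review bot: Removing `COPY ./bun.lockb ./bun.lockb` (the lockfile is also deleted from the repository in this commit) leaves `RUN bun install` resolving dependencies from the `package.json` ranges alone. Each image build can then pull different package versions, and a newly published or compromised release of any dependency enters the image without review. Keep a lockfile under version control and fail the build when it is stale: `COPY ./package.json ./bun.lockb ./` followed by `RUN bun install --frozen-lockfile`. The build stage continues past this hunk.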
@@ -27,16 +25,17 @@ COPY ./nuxt.config.ts ./nuxt.config.ts
 RUN bun run build
 FROM oven/bun:1.0.26-alpine as runtime
-MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
 ARG APP_VERSION="latest"
 ARG COMMIT=""
-USER 65534
+USER 1000
 WORKDIR /app
-COPY --from=build --chown=65534 /app/.output /app/.output
+COPY --from=build --chown=1000 /app/.output /app/.output
+
+RUN chmod -R 755 /app/.output
 ENV NUXT_PUBLIC_VERSION="${APP_VERSION:-}"
 ENV NUXT_PUBLIC_COMMIT="${COMMIT:-}"
diff --git a/dbrepo-ui/bun.lockb b/dbrepo-ui/bun.lockb
deleted file mode 100755
index 2ae1649f86a2cfc2d75d6e45a0c9490ad434ae02..0000000000000000000000000000000000000000
Binary files a/dbrepo-ui/bun.lockb and /dev/null differ
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 37def836c82ad76f0512b8bb6293b5463cb50c0b..0ae0af178af2c40149511578a35dcb48dc6e296e 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -697,7 +697,7 @@ ui:
 runAsGroup: 1000
 runAsNonRoot: true
 allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
 capabilities:
 drop: [ "ALL" ]
 seccompProfile:
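Review bot: `RUN chmod -R 755 /app/.output` runs in its own layer after the COPY, so every file whose mode it changes is stored a second time, and `--chown=1000` leaves the whole server bundle writable by the runtime user. Setting ownership and mode on the COPY avoids both: `COPY --from=build --chown=0:0 --chmod=755 /app/.output /app/.output`, with the `RUN chmod` line dropped, assuming nothing writes under `.output` at runtime. The `readOnlyRootFilesystem: true` set in the chart only protects Kubernetes deployments, so the image should not rely on it. Minor: the build stage now reads `AS build`, but this stage still uses lowercase `as runtime`.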
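Review bot: With `readOnlyRootFilesystem: true` the UI container can no longer write anywhere on its image filesystem, and this hunk adds no writable mount alongside the setting. If the Bun/Nuxt server writes to `/tmp` or a cache directory at startup (not verifiable from this diff), the pod will fail at runtime and the deployment template would need an `emptyDir` volume for those paths. A comment above the key, such as `# requires an emptyDir for any path the UI writes to, e.g. /tmp`, would record that dependency. The securityContext block continues past the hunk.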