diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 7f77b9ec9d..c70bf1223e 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -35,6 +35,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
+    user: ${S_UID:-0}:${S_GID:-0}
     environment:
       IMMICH_REPOSITORY: immich-app/immich
       IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
@@ -66,8 +67,8 @@ services:
   immich-web:
     container_name: immich_web
     image: immich-web-dev:latest
-    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
-    # user: 0:0
+    # user: 0:0 needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+    user: ${W_UID:-1000}:${W_GID:-1000}
     build:
       context: ../
       dockerfile: web/Dockerfile
diff --git a/server/Dockerfile b/server/Dockerfile
index a11cfcbd54..6f0c89c3a9 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -6,7 +6,12 @@ RUN apt-get update && apt-get install --no-install-recommends -yqq tini make
 WORKDIR /usr/src/app
 COPY ./server/package* ./server/
 WORKDIR /usr/src/app/server
-RUN npm ci && \
+RUN echo "umask 000" >> /etc/profile && \
+  echo "umask 000" >> /etc/bash.bashrc && \
+  umask 000 && \
+  chmod o+wx /usr/src/app && \
+  chmod o+wx /usr/src/app/server && \
+  npm ci && \
   # exiftool-vendored.pl, sharp-linux-x64 and sharp-linux-arm64 are the only ones we need
   # they're marked as optional dependencies, so we need to copy them manually after pruning
   rm -rf node_modules/@img/sharp-libvips* && \
@@ -28,17 +33,14 @@ RUN apt-get update && \
 RUN usermod -aG sudo node
 RUN echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 RUN mkdir -p /workspaces/immich
-RUN chown node -R /workspaces
-COPY --chown=node:node --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
+COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
 
-USER node
-COPY --chown=node:node .. /tmp/create-dep-cache/
+COPY .. /tmp/create-dep-cache/
 WORKDIR /tmp/create-dep-cache
 RUN make ci-all && rm -rf /tmp/create-dep-cache
 
-
 FROM dev-container-server AS dev-container-mobile
-USER root
+
 # Enable multiarch for arm64 if necessary
 RUN if [ "$(dpkg --print-architecture)" = "arm64" ]; then \
   dpkg --add-architecture amd64 && \
@@ -64,7 +66,6 @@ RUN mkdir -p ${FLUTTER_HOME} \
   && rm flutter.tar.xz \
   && chown -R node ${FLUTTER_HOME}
 
-USER node
 RUN sudo apt-get update \
   && wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg \
   && echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list \
diff --git a/web/Dockerfile b/web/Dockerfile
index 1db76c7c7f..d52be86478 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -9,7 +9,10 @@ COPY --chown=node:node ./open-api ./open-api/
 COPY --chown=node:node Makefile ./
 
 WORKDIR /usr/src/app/web
-RUN npm ci
+RUN umask 000 && \
+  find /usr/src/app -type d -exec chmod o+rwx {} \; && \
+  find /usr/src/app -type f -exec chmod o+rw {} \; && \
+  npm ci
 
 ENV CHOKIDAR_USEPOLLING=true
 EXPOSE 24678