diff --git a/Dockerfile b/Dockerfile
index bbeacfb..35f24a1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,8 @@ RUN mkdir -p /var/run/sshd &&     chmod 775 /var/run/sshd
 # PidFile: Point to /tmp for guaranteed write access
 RUN echo "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nStrictModes no\nPidFile /tmp/sshd.pid\nHostKey /data/ssh/ssh_host_rsa_key\nHostKey /data/ssh/ssh_host_ecdsa_key\nHostKey /data/ssh/ssh_host_ed25519_key\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nSubsystem sftp /usr/lib/openssh/sftp-server" > /etc/ssh/sshd_config
 
-# Create a user 'claw' with sudo access
-RUN useradd -m -s /bin/bash claw &&     echo "claw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers &&     chmod -R g+rwX /home/claw
+# Create a user 'claw' (UID 1000) with sudo access
+RUN useradd -m -s /bin/bash -u 1000 claw &&     echo "claw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers &&     chmod -R g+rwX /home/claw
 
 # Prepare volume mount point
 # Mount persistent storage here
@@ -31,6 +31,9 @@ WORKDIR /data
 # Expose SSH port (non-privileged)
 EXPOSE 2222
 
+# Switch to user 'claw' (UID 1000)
+USER claw
+
 # Start SSH daemon
 # Fix: StrictModes no handles permissions, but chmod 600 helps sanity.
 CMD ["/bin/bash", "-c", "mkdir -p /data/ssh && if [ ! -f /data/ssh/ssh_host_rsa_key ]; then     echo 'Generating persistent host keys...';     ssh-keygen -f /data/ssh/ssh_host_rsa_key -N '' -t rsa;     ssh-keygen -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa;     ssh-keygen -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519; fi && chmod 600 /data/ssh/ssh_host_*_key && /usr/sbin/sshd -D -f /etc/ssh/sshd_config"]
\ No newline at end of file