diff --git a/backend/Dockerfile b/backend/Dockerfile
index d4ce0c5..6d337a4 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,9 +1,9 @@
 FROM alpine:3.12
 
-ENV UID=1000 GID=1000
-RUN export user=youtube \
-  && addgroup -S $user -g $GID && adduser -D -S $user -G $user -u $UID
-USER $user
+ENV UID=1000 \
+  GID=1000 \
+  USER=youtube
+RUN addgroup -S $USER -g $GID && adduser -D -S $USER -G $USER -u $UID
 
 RUN apk add --no-cache \
     ffmpeg \
@@ -13,6 +13,8 @@ RUN apk add --no-cache \
   && apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \
     atomicparsley
 
+# switch to default user to not chown node_modules on startup
+USER $USER
 WORKDIR /app
 
 COPY --chown=$UID:$GID [ "package.json", "package-lock.json", "/app/" ]
@@ -21,5 +23,7 @@ RUN npm install
 COPY --chown=$UID:$GID [ "./", "/app/" ]
 
 EXPOSE 17442
+# switch back to root to allow UID/GID changing
+USER root
 ENTRYPOINT [ "/app/entrypoint.sh" ]
 CMD [ "node", "app.js" ]
diff --git a/backend/entrypoint.sh b/backend/entrypoint.sh
index 137e984..51df772 100755
--- a/backend/entrypoint.sh
+++ b/backend/entrypoint.sh
@@ -9,7 +9,7 @@ if [ "${1#-}" != "$1" ]; then
 fi
 
 # chown current working directory to current user
-if [ "$@" = "$CMD" ] && [ "$(id -u)" = "0" ]; then
+if [ "$*" = "$CMD" ] && [ "$(id -u)" = "0" ]; then
   find . \! -user "$UID" -exec chown "$UID:$GID" -R '{}' +
   exec su-exec "$UID:$GID" "$0" "$@"
 fi