diff --git a/make/docker-compose.notary.yml b/make/docker-compose.notary.yml
index feab28a03..2999680df 100644
--- a/make/docker-compose.notary.yml
+++ b/make/docker-compose.notary.yml
@@ -16,8 +16,6 @@ services:
       - harbor-notary
     volumes:
       - ./common/config/notary:/config
-    entrypoint: /usr/bin/env sh
-    command: -c "/migrations/migrate.sh && notary-server -config=/config/server-config.json -logf=logfmt"
     depends_on:
       - notary-db
       - notary-signer
@@ -39,8 +37,6 @@ services:
       - ./common/config/notary:/config
     env_file:
       - ./common/config/notary/signer_env
-    entrypoint: /usr/bin/env sh
-    command: -c "/migrations/migrate.sh && notary-signer -config=/config/signer-config.json -logf=logfmt"
     depends_on:
       - notary-db
     logging:
diff --git a/make/photon/notary/server-start.sh b/make/photon/notary/server-start.sh
new file mode 100644
index 000000000..62083adb4
--- /dev/null
+++ b/make/photon/notary/server-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+chown 10000:10000 -R /config
+sudo -E -u \#10000 sh -c "/usr/bin/env /migrations/migrate.sh && /bin/notary-server -config=/config/server-config.json -logf=logfmt"
diff --git a/make/photon/notary/server.Dockerfile b/make/photon/notary/server.Dockerfile
index 740a3e26f..aa2c633a1 100644
--- a/make/photon/notary/server.Dockerfile
+++ b/make/photon/notary/server.Dockerfile
@@ -2,10 +2,15 @@ FROM vmware/photon:1.0
 
 RUN tdnf distro-sync -y \
     && tdnf erase vim -y \
-    && tdnf clean all
+    && tdnf install -y shadow sudo \
+    && tdnf clean all \
+    && groupadd -r -g 10000 notary \
+    && useradd --no-log-init -r -g 10000 -u 10000 notary
+
 COPY ./binary/notary-server /bin/notary-server
 COPY ./migrate /bin/migrate
 COPY ./migrations/ /migrations/
-
+COPY ./server-start.sh /bin/server-start.sh
+RUN chmod u+x /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/server-start.sh
 ENV SERVICE_NAME=notary_server
-ENTRYPOINT [ "notary-server" ]
+ENTRYPOINT [ "/bin/server-start.sh" ]
diff --git a/make/photon/notary/signer-start.sh b/make/photon/notary/signer-start.sh
new file mode 100644
index 000000000..c6107dbac
--- /dev/null
+++ b/make/photon/notary/signer-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+chown 10000:10000 -R /config
+sudo -E -u \#10000 sh -c "/usr/bin/env && /migrations/migrate.sh && /bin/notary-signer -config=/config/signer-config.json -logf=logfmt"
diff --git a/make/photon/notary/signer.Dockerfile b/make/photon/notary/signer.Dockerfile
index e9c67bc13..b6b3b0b76 100644
--- a/make/photon/notary/signer.Dockerfile
+++ b/make/photon/notary/signer.Dockerfile
@@ -2,10 +2,15 @@ FROM vmware/photon:1.0
 
 RUN tdnf distro-sync -y \
     && tdnf erase vim -y \
-    && tdnf clean all
+    && tdnf install -y shadow sudo \
+    && tdnf clean all \
+    && groupadd -r -g 10000 notary \
+    && useradd --no-log-init -r -g 10000 -u 10000 notary
 COPY ./binary/notary-signer /bin/notary-signer
 COPY ./migrate /bin/migrate
 COPY ./migrations/ /migrations/
+COPY ./signer-start.sh /bin/signer-start.sh
 
+RUN chmod u+x /bin/notary-signer /migrations/migrate.sh /bin/migrate /bin/signer-start.sh
 ENV SERVICE_NAME=notary_signer
-ENTRYPOINT [ "notary-signer" ]
+ENTRYPOINT [ "/bin/signer-start.sh" ]