diff --git a/2.9/alpine/Dockerfile b/2.9/alpine/Dockerfile
index 31c9ec2..3e3c451 100644
--- a/2.9/alpine/Dockerfile
+++ b/2.9/alpine/Dockerfile
@@ -32,10 +32,11 @@ RUN set -eux; \
 	esac; \
 	wget -O /tmp/caddy.tar.gz "https://github.com/caddyserver/caddy/releases/download/v2.9.1/caddy_2.9.1_linux_${binArch}.tar.gz"; \
 	echo "$checksum  /tmp/caddy.tar.gz" | sha512sum -c; \
-	tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy; \
+	tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy && chown 0:0 /usr/bin/caddy;\
 	rm -f /tmp/caddy.tar.gz; \
 	setcap cap_net_bind_service=+ep /usr/bin/caddy; \
 	chmod +x /usr/bin/caddy; \
+	chmod -R g=u /config /data /etc/caddy /usr/share/caddy /usr/bin/caddy; \
 	caddy version
 
 # See https://caddyserver.com/docs/conventions#file-locations for details
diff --git a/Dockerfile.tmpl b/Dockerfile.tmpl
index 9d9dce8..ddf0886 100644
--- a/Dockerfile.tmpl
+++ b/Dockerfile.tmpl
@@ -32,10 +32,11 @@ RUN set -eux; \
 	esac; \
 	wget -O /tmp/caddy.tar.gz "https://github.com/caddyserver/caddy/releases/download/v{{ .config.caddy_version }}/caddy_{{ .config.caddy_version }}_linux_${binArch}.tar.gz"; \
 	echo "$checksum  /tmp/caddy.tar.gz" | sha512sum -c; \
-	tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy; \
+	tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy && chown 0:0 /usr/bin/caddy;\
 	rm -f /tmp/caddy.tar.gz; \
 	setcap cap_net_bind_service=+ep /usr/bin/caddy; \
 	chmod +x /usr/bin/caddy; \
+	chmod -R g=u /config /data /etc/caddy /usr/share/caddy /usr/bin/caddy; \
 	caddy version
 
 # See https://caddyserver.com/docs/conventions#file-locations for details