diff --git a/Dockerfile b/Dockerfile
index 07d3904ad05..405af066062 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -60,15 +60,12 @@ EXPOSE 8080
 # Swarm Websockets; must be exposed publicly when the node is listening using the websocket transport (/ipX/.../tcp/8081/ws).
 EXPOSE 8081
 
-# Create the fs-repo directory
+# Create the fs-repo directory and switch to a non-privileged user.
 ENV IPFS_PATH /data/ipfs
 RUN mkdir -p $IPFS_PATH \
   && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs \
   && chown ipfs:users $IPFS_PATH
 
-# Switch to a non-privileged user
-USER ipfs
-
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
 # Important this happens after the USER directive so permission are correct.
diff --git a/Dockerfile.fast b/Dockerfile.fast
index 4775ee1a2f6..0c03328eb21 100644
--- a/Dockerfile.fast
+++ b/Dockerfile.fast
@@ -53,18 +53,14 @@ EXPOSE 5001
 EXPOSE 8080
 EXPOSE 8081
 
-# Create the fs-repo directory
+# Create the fs-repo directory and switch to a non-privileged user.
 ENV IPFS_PATH /data/ipfs
 RUN mkdir -p $IPFS_PATH \
   && useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -G users ipfs \
   && chown ipfs:users $IPFS_PATH
 
-# Switch to a non-privileged user
-USER ipfs
-
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
-# Important this happens after the USER directive so permission are correct.
 VOLUME $IPFS_PATH
 
 # The default logging level