diff --git a/pica-etherpad/Dockerfile b/pica-etherpad/Dockerfile
index 87c5d1e6e1bc28cc3710bd8e673a47b7618bb073..202aeeef562c58d4ef5ac73da68ce80c743910ac 100644
--- a/pica-etherpad/Dockerfile
+++ b/pica-etherpad/Dockerfile
@@ -13,6 +13,9 @@ ARG ETHERPAD_PLUGINS="\
   ep_pads_stats ep_prompt_for_name ep_set_title_on_pad \
   ep_subscript_and_superscript"
 
+
+
+
 RUN apt-get update && \
     apt-get install -y \
       curl \
@@ -25,15 +28,27 @@ RUN apt-get update && \
       unzip && \
     mkdir -p /opt/etherpad-lite/
 
+# Try to stick to the LDAP UID for etherpad (OU=services)
+# WARNING: is also defined hereinbelow
+
+ARG UID=5004
+
+RUN useradd --uid ${UID} --create-home etherpad
+
+RUN chown etherpad /opt/etherpad-lite
+
 WORKDIR /opt/etherpad-lite
-# Install Etherpad
+
+# Install Etherpad, as user etherpad
+USER etherpad
+
 RUN curl -SL https://github.com/ether/etherpad-lite/archive/${ETHERPAD_VERSION_BUILD}.zip > etherpad.zip && \
     unzip etherpad && \
     rm -Rf etherpad.zip etherpad-lite-${ETHERPAD_VERSION_BUILD}/.git && \
     mv etherpad-lite-${ETHERPAD_VERSION_BUILD}/* . && \
     bin/installDeps.sh
 
-COPY ./landing-page ./src/templates/landing-page
+COPY --chown=etherpad ./landing-page ./src/templates/landing-page
 
 # Build and replace landing page
 RUN npm install minify && \
@@ -51,28 +66,39 @@ RUN for PLUGIN_NAME in ${ETHERPAD_PLUGINS}; do npm install "${PLUGIN_NAME}"; don
 FROM base
 
 # Try to stick to the LDAP UID for etherpad (OU=services)
+# WARNING: is also defined hereinabove
+
 ARG UID=5004
-COPY entrypoint.sh /opt/etherpad-lite/entrypoint.sh
 
 RUN useradd --uid ${UID} --create-home etherpad
 
+USER etherpad
+
 # Import des fichiers téléchargés dans l'image downloader
 COPY --from=downloader /opt/etherpad-lite /opt/etherpad-lite/
-RUN chown -R etherpad /opt/etherpad-lite
 
+
+# Install debian packages, as root
+USER root
 RUN apt-get update && \
     apt-get install -y curl nano postgresql-client && \
-    chmod +x /opt/etherpad-lite/entrypoint.sh && \
-    usermod -d /opt/etherpad-lite etherpad && \
-    chown -R etherpad /opt/etherpad-lite && \
     rm -rf /var/lib/apt/lists/*
 
+# Created folder for deleted pads
 RUN mkdir /opt/etherpad-lite/deleted_pads && \
     chown -R etherpad:etherpad /opt/etherpad-lite/deleted_pads
 
+# Set etherpad as owner of etherpad (permission for its content was already set in downloader)
+RUN chown etherpad:etherpad /opt/etherpad-lite
+
+# Copy entrypoint script
+COPY entrypoint.sh /opt/etherpad-lite/entrypoint.sh
+RUN chmod +x /opt/etherpad-lite/entrypoint.sh && \
+	usermod -d /opt/etherpad-lite etherpad
+
+# Settings for entrypoint
+USER etherpad
 EXPOSE 8080
 HEALTHCHECK --interval=20s --timeout=3s CMD curl --fail http://localhost:8080 || exit 1
 WORKDIR /opt/etherpad-lite/
-USER etherpad
-
 ENTRYPOINT ["/opt/etherpad-lite/entrypoint.sh", "/bin/bash", "-c", "/opt/etherpad-lite/bin/run.sh" ]