diff --git a/charts/monitor/templates/monitor-grafana-deployment.yaml b/charts/monitor/templates/monitor-grafana-deployment.yaml index 29930d2..d59152b 100644 --- a/charts/monitor/templates/monitor-grafana-deployment.yaml +++ b/charts/monitor/templates/monitor-grafana-deployment.yaml @@ -22,6 +22,10 @@ spec: labels: app: drycc-monitor-grafana spec: + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 containers: - name: drycc-monitor-grafana image: {{.Values.grafana.imageRegistry}}/{{.Values.grafana.imageOrg}}/grafana:{{.Values.grafana.imageTag}} diff --git a/charts/monitor/templates/monitor-telegraf-daemon.yaml b/charts/monitor/templates/monitor-telegraf-daemon.yaml index c5ee5d0..581838c 100644 --- a/charts/monitor/templates/monitor-telegraf-daemon.yaml +++ b/charts/monitor/templates/monitor-telegraf-daemon.yaml @@ -19,12 +19,16 @@ spec: labels: app: drycc-monitor-telegraf spec: + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 serviceAccount: drycc-monitor-telegraf initContainers: - name: drycc-monitor-telegraf-init image: docker.io/drycc/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} - command: + args: - netcat - -v - -u diff --git a/charts/monitor/templates/monitor-telegraf-deployment.yaml b/charts/monitor/templates/monitor-telegraf-deployment.yaml index fcf8d5d..51f90a1 100644 --- a/charts/monitor/templates/monitor-telegraf-deployment.yaml +++ b/charts/monitor/templates/monitor-telegraf-deployment.yaml @@ -21,12 +21,16 @@ spec: labels: app: drycc-monitor-telegraf spec: + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 serviceAccount: drycc-monitor-telegraf initContainers: - name: drycc-monitor-telegraf-init image: docker.io/drycc/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} - command: + args: - netcat - -v - -u diff --git a/grafana/rootfs/Dockerfile b/grafana/rootfs/Dockerfile index 9ba02cd..c0375a1 100644 --- a/grafana/rootfs/Dockerfile 
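Review bot: The pod securityContext added at the top of the monitor-grafana-deployment.yaml hunk pins the UID/GID but does not set `runAsNonRoot: true`; with `runAsUser: 1001` fixed it changes nothing at runtime, yet the Pod Security "restricted" profile and most admission policies require it explicitly, and it keeps the pod non-root if the runAsUser line is ever dropped or overridden per-container, so add `runAsNonRoot: true` next to `runAsUser: 1001`. The literal 1001 is now duplicated between this template and the `ARG DRYCC_UID=1001` / `ARG DRYCC_GID=1001` defaults in grafana/rootfs/Dockerfile with nothing tying them together; a comment such as `# must match DRYCC_UID/DRYCC_GID in grafana/rootfs/Dockerfile` above the block, or sourcing the value from values.yaml, would stop a `--build-arg` override from silently breaking home-directory permissions. The same securityContext block, with the same two points, is added in the monitor-telegraf-daemon.yaml and monitor-telegraf-deployment.yaml hunks.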
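Review bot: Switching `command:` to `args:` on the drycc-monitor-telegraf-init container hands the netcat arguments to whatever ENTRYPOINT `docker.io/drycc/python-dev:latest` defines, so the init step now depends on the entrypoint of a floating tag that can change underneath the chart; pin that image to a fixed tag or digest in the same change, since `args:` is only correct for an entrypoint that execs its arguments. The pod-level `runAsUser: 1001` also applies to this init container, which is fine for the probe itself, but if the DaemonSet mounts host paths for metric collection (not visible in this hunk) confirm that UID 1001 can read them. The same `command:`→`args:` switch appears in the monitor-telegraf-deployment.yaml hunk.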
+++ b/grafana/rootfs/Dockerfile @@ -1,11 +1,12 @@ FROM docker.io/drycc/base:bullseye -RUN adduser --system \ - --shell /bin/bash \ - --disabled-password \ - --home /usr/share/grafana \ - --group \ - drycc +ARG DRYCC_UID=1001 +ARG DRYCC_GID=1001 +ARG DRYCC_HOME_DIR=/usr/share/grafana + +RUN groupadd drycc --gid $DRYCC_GID \ + && useradd drycc -u $DRYCC_UID -g $DRYCC_GID -s /bin/bash -m -d $DRYCC_HOME_DIR + COPY . / ENV GRAFANA_VERSION="8.3.6" \ @@ -35,6 +36,6 @@ RUN install-packages fontconfig curl \ && chmod +x /usr/share/grafana/entrypoint.sh USER drycc -WORKDIR /usr/share/grafana +WORKDIR $DRYCC_HOME_DIR CMD ["./start-grafana"] EXPOSE 3000 diff --git a/telegraf/rootfs/Dockerfile b/telegraf/rootfs/Dockerfile index 72507b2..7f5616c 100644 --- a/telegraf/rootfs/Dockerfile +++ b/telegraf/rootfs/Dockerfile @@ -1,10 +1,11 @@ FROM docker.io/drycc/base:bullseye -RUN adduser --system \ - --shell /bin/bash \ - --disabled-password \ - --group \ - drycc +ARG DRYCC_UID=1001 +ARG DRYCC_GID=1001 +ARG DRYCC_HOME_DIR=/home/telegraf + +RUN groupadd drycc --gid $DRYCC_GID \ + && useradd drycc -u $DRYCC_UID -g $DRYCC_GID -s /bin/bash -m -d $DRYCC_HOME_DIR COPY . / ENV TELEGRAF_VERSION="1.21.3" \ @@ -27,7 +28,9 @@ RUN install-stack telegraf $TELEGRAF_VERSION \ /lib/udev \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \ /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \ - && bash -c "mkdir -p /usr/share/man/man{1..8}" + && mkdir -p /usr/share/man/man{1..8} \ + && chown -R drycc:drycc $DRYCC_HOME_DIR USER drycc +WORKDIR $DRYCC_HOME_DIR CMD ["/home/telegraf/start-telegraf"]
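Review bot: The new `ARG DRYCC_UID` / `ARG DRYCC_GID` defaults are the only link to the `runAsUser: 1001` hard-coded in the chart templates, and nothing in the Dockerfile says so; add a comment above the ARGs such as `# Must match securityContext.runAsUser/runAsGroup/fsGroup in charts/monitor/templates/*` so a `--build-arg` override is not made without updating the chart. Because the UID is now caller-supplied, add `--no-log-init` to the useradd line so a large UID does not make useradd allocate a huge sparse /var/log/lastlog inside the layer: `&& useradd drycc --no-log-init -u $DRYCC_UID -g $DRYCC_GID -s /bin/bash -m -d $DRYCC_HOME_DIR`. `-m` creates $DRYCC_HOME_DIR owned by drycc, but the following `COPY . /` presumably adds files there as root (the second hunk chmods /usr/share/grafana/entrypoint.sh); the telegraf Dockerfile hunk adds a `chown -R drycc:drycc $DRYCC_HOME_DIR` for this case and grafana does not, so either confirm Grafana never writes into its home directory at runtime or add the same chown here. The same ARG/useradd pattern, with the same points, is introduced in the telegraf/rootfs/Dockerfile hunk.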
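Review bot: Replacing `bash -c "mkdir -p /usr/share/man/man{1..8}"` with a bare `mkdir -p /usr/share/man/man{1..8}` only works if this RUN executes under bash; shell-form RUN defaults to `/bin/sh -c`, which on a Debian bullseye base is dash and does not perform brace expansion, so unless drycc/base:bullseye sets `SHELL` to bash (not visible here) the command creates a single directory literally named `man{1..8}`. Keep the wrapper, `&& bash -c "mkdir -p /usr/share/man/man{1..8}" \`, or list the eight directories explicitly. The added `chown -R drycc:drycc $DRYCC_HOME_DIR` re-records every file under /home/telegraf that the earlier `COPY . /` already stored as root, so those files are carried twice in the image; if the directory is small that is acceptable, otherwise a `COPY --chown=drycc:drycc` of the home-directory files is cheaper. The enclosing `RUN install-stack …` starts before this hunk.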