diff --git a/Dockerfile b/Dockerfile
index 5c27e7c..d663d3c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,26 +30,32 @@ RUN npm run build
 # This is the final, lean image that will be run
 FROM base AS production
-# Set a non-root user for security
+# Install 'su-exec' which is a lightweight tool for switching users
+RUN apk add --no-cache su-exec
+
+# Create a non-root user and group for security
 RUN addgroup -S appgroup && adduser -S appuser -G appgroup
-# Copy only the necessary files from the previous stages
+# Copy application files from the build stage
 COPY --from=build /usr/src/app/node_modules ./node_modules
 COPY --from=build /usr/src/app/views ./views
 COPY --from=build /usr/src/app/static ./static
 COPY --from=build /usr/src/app/lib ./lib
 COPY --from=build /usr/src/app/server.js .
 COPY --from=build /usr/src/app/config.json .
+COPY --from=build /usr/src/app/entrypoint.sh /usr/local/bin/entrypoint.sh
-# Create the data directory and set correct permissions
-# This is the FIX for the EACCES error
-RUN mkdir -p data && chown -R appuser:appgroup .
+# Ensure the entrypoint script is executable
+RUN chmod +x /usr/local/bin/entrypoint.sh
-# Switch to the non-root user
-USER appuser
+# Create the data directory. The entrypoint will fix its permissions at runtime.
+RUN mkdir -p data
+
+# Set the entrypoint to our script
+ENTRYPOINT ["entrypoint.sh"]
 # Expose the port the app runs on
 EXPOSE 8080
-# The command to start the application
+# The default command to start the application. This gets passed to the entrypoint.
 CMD [ "node", "server.js" ]
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..564b125
--- /dev/null
+++ b/entrypoint.sh
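Review bot: Removing `USER appuser` leaves the image's declared user as root, so the non-root guarantee now lives entirely in entrypoint.sh and is invisible to `docker inspect`, Kubernetes `runAsNonRoot` policies and image scanners; a comment above `ENTRYPOINT` should state this, e.g. `# NOTE: the container deliberately starts as root; entrypoint.sh chowns the data volume and drops to appuser via su-exec before exec'ing CMD`. Prefer the absolute path `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]` over a bare name that the exec form resolves through PATH. The separate `RUN chmod +x` layer can be folded into the copy as `COPY --from=build --chmod=755 /usr/src/app/entrypoint.sh /usr/local/bin/entrypoint.sh` if the build runs under BuildKit (no syntax directive is visible in this hunk). `RUN mkdir -p data` is relative to a WORKDIR set outside the hunk while the script hardcodes `/usr/src/app/data`; the two paths must stay in sync, so consider making the `mkdir` absolute as well.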
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# This script ensures that the 'data' directory is owned by the 'appuser'
+# before the main application starts. This is crucial when using Docker volumes,
+# as the mounted directory from the host will be owned by root inside the container.
+
+# Set the ownership of the data directory to the non-root user.
+# The '-R' flag makes it recursive.
+chown -R appuser:appgroup /usr/src/app/data
+
+# Execute the main command (passed as arguments to this script)
+# as the non-root user 'appuser'.
+# 'su-exec' is a lightweight tool to switch users.
+# "$@" passes all arguments from the CMD line.
+exec su-exec appuser "$@"
\ No newline at end of file
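Review bot: The script assumes it is running as root: when the container is started with `docker run --user` or a Kubernetes `runAsUser`, both `chown -R` and `su-exec` fail and the application never starts. Guard the privileged steps on the effective UID and fall through to a plain `exec "$@"` when already unprivileged, and add `set -e` so a failed `chown` is not silently ignored before the privilege drop. It is also worth saying in the header comment that `chown -R` on a bind-mounted directory rewrites ownership of the host files underneath it, since that is a visible side effect outside the container.
```shell
#!/bin/sh
set -e

# … unchanged: header comment explaining the volume-ownership problem …

# Only root can chown the volume and switch users. When the container is
# already started as an unprivileged user, skip both and just run the command.
if [ "$(id -u)" = "0" ]; then
    chown -R appuser:appgroup /usr/src/app/data
    exec su-exec appuser "$@"
fi

exec "$@"
```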