diff --git a/Dockerfile b/Dockerfile
index 38443d1..3babc00 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM umputun/baseimage:buildgo-latest as build
+FROM umputun/baseimage:buildgo-latest AS build
 ARG GIT_BRANCH
 ARG GITHUB_SHA
@@ -20,10 +20,12 @@ RUN \
 FROM umputun/baseimage:app-latest
 LABEL org.opencontainers.image.source="https://github.com/umputun/docker-logger"
+# run as root by default because docker socket access requires it on most systems.
+# to run as non-root, set APP_UID=1001 and DOCKER_GID to match the host's docker socket GID.
+ENV APP_UID=0
+
 COPY --from=build /build/docker-logger /srv/docker-logger
-RUN \
- chown -R app:app /srv && \
- chmod +x /srv/docker-logger
+RUN chmod +x /srv/docker-logger
 WORKDIR /srv
 VOLUME ["/srv/logs"]
diff --git a/README.md b/README.md
index cd76215..7ebcfdf 100644
--- a/README.md
+++ b/README.md
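Review bot: `ENV APP_UID=0` in the second Dockerfile hunk makes root the image default for a container that is handed `/var/run/docker.sock`, and the added comment gives the reason but not the cost. I would extend the comment with something like `# NOTE: access to the docker socket means control of the host's docker daemon; prefer APP_UID=1001 + DOCKER_GID wherever the host allows it.` so that running as root reads as an operator decision rather than a neutral default. The same hunk drops `chown -R app:app /srv`, so with `APP_UID=1001` the process can write to `/srv/logs` only if something outside this diff (presumably the base image's init script) fixes ownership at start; that should be confirmed or stated next to the `ENV` line. If BuildKit can be assumed, the remaining `RUN chmod +x` could be folded into the copy as `COPY --from=build --chmod=755 /build/docker-logger /srv/docker-logger`.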
@@ -43,7 +43,28 @@ All changes can be done via container's environment in `docker-compose.yml` or w - both `--exclude` and `--exclude-pattern` flags are optional and mutually exclusive, i.e. if `--exclude` defined `--exclude-pattern` not allowed, and vice versa. - cross-kind combinations are also mutually exclusive: `--include` + `--exclude-pattern`, `--include-pattern` + `--exclude`, and `--include-pattern` + `--exclude-pattern` are not allowed. -## Build from the source +## Running as Non-Root + +By default, the container runs as root because access to the Docker socket (`/var/run/docker.sock`) requires it on most systems. To run as a non-root user, set the following environment variables: + +- `APP_UID` — the user ID for the application process (e.g., `1001`) +- `DOCKER_GID` — the group ID that owns the Docker socket on the host + +To find the Docker socket GID on the host, run: + +```shell +stat -c '%g' /var/run/docker.sock +``` + +Then configure the container accordingly: + +```yaml +environment: + - APP_UID=1001 + - DOCKER_GID=998 # use the value from the command above +``` + +## Build from the Source - clone this repo - `git clone https://github.com/umputun/docker-logger.git` - build the logger - `cd docker-logger && docker build -t umputun/docker-logger .` diff --git a/docker-compose.yml b/docker-compose.yml index dae5079..539ce03 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: '2' - services: logger: build: . @@ -22,9 +20,12 @@ services: - MAX_SIZE=50 - MAX_AGE=20 - DEBUG=false -# - TIME_ZONE=America/Chicago + # - TIME_ZONE=America/Chicago + ## to run as non-root, set APP_UID to the desired user id and DOCKER_GID + ## to the group id owning /var/run/docker.sock on the host (check with: stat -c '%g' /var/run/docker.sock) + # - APP_UID=1001 + # - DOCKER_GID=999 volumes: - ./logs:/srv/logs - /var/run/docker.sock:/var/run/docker.sock -