diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile
index c95dd39..5dbc973 100644
--- a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile
+++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile
@@ -18,10 +18,13 @@ FROM eclipse-temurin:11-jre-focal
 
 ARG spark_uid=185
 
+RUN groupadd --system --gid=${spark_uid} spark && \
+    useradd --system --uid=${spark_uid} --gid=spark spark
+
 RUN set -ex && \
     apt-get update && \
     ln -s /lib /lib64 && \
-    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \
+    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \
     apt install -y python3 python3-pip && \
     pip3 install --upgrade pip setuptools && \
     apt install -y r-base r-base-dev && \
@@ -30,6 +33,7 @@ RUN set -ex && \
     mkdir -p /opt/spark/examples && \
     mkdir -p /opt/spark/work-dir && \
     touch /opt/spark/RELEASE && \
+    chown -R spark:spark /opt/spark && \
     rm /bin/sh && \
     ln -sv /bin/bash /bin/sh && \
     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
@@ -55,6 +59,7 @@ RUN set -ex; \
     rm -rf "$GNUPGHOME" spark.tgz.asc; \
     \
     tar -xf spark.tgz --strip-components=1; \
+    chown -R spark:spark .; \
     mv jars /opt/spark/; \
     mv bin /opt/spark/; \
     mv sbin /opt/spark/; \
@@ -79,6 +84,3 @@ RUN chmod a+x /opt/decom.sh
 RUN chmod a+x /opt/entrypoint.sh
 
 ENTRYPOINT [ "/opt/entrypoint.sh" ]
-
-# Specify the User that the actual main process will run as
-USER ${spark_uid}
diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh
index cfd7a69..4bb1557 100644
--- a/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh
+++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh
@@ -103,5 +103,12 @@ case "$1" in
     ;;
 esac
 
+# Switch to spark if no USER specified (root by default) otherwise use USER directly
+switch_spark_if_root() {
+  if [ $(id -u) -eq 0 ]; then
+    echo gosu spark
+  fi
+}
+
 # Execute the container CMD under tini for better hygiene
-exec /usr/bin/tini -s -- "${CMD[@]}"
+exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}"
diff --git a/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile
index e3d9829..85e06ce 100644
--- a/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile
+++ b/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile
@@ -18,10 +18,13 @@ FROM eclipse-temurin:11-jre-focal
 
 ARG spark_uid=185
 
+RUN groupadd --system --gid=${spark_uid} spark && \
+    useradd --system --uid=${spark_uid} --gid=spark spark
+
 RUN set -ex && \
     apt-get update && \
     ln -s /lib /lib64 && \
-    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \
+    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \
     apt install -y python3 python3-pip && \
     pip3 install --upgrade pip setuptools && \
     mkdir -p /opt/spark && \
@@ -29,6 +32,7 @@ RUN set -ex && \
     mkdir -p /opt/spark/examples && \
     mkdir -p /opt/spark/work-dir && \
     touch /opt/spark/RELEASE && \
+    chown -R spark:spark /opt/spark && \
     rm /bin/sh && \
     ln -sv /bin/bash /bin/sh && \
     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
@@ -54,6 +58,7 @@ RUN set -ex; \
     rm -rf "$GNUPGHOME" spark.tgz.asc; \
     \
     tar -xf spark.tgz --strip-components=1; \
+    chown -R spark:spark .; \
     mv jars /opt/spark/; \
     mv bin /opt/spark/; \
     mv sbin /opt/spark/; \
@@ -76,6 +81,3 @@ RUN chmod a+x /opt/decom.sh
 RUN chmod a+x /opt/entrypoint.sh
 
 ENTRYPOINT [ "/opt/entrypoint.sh" ]
-
-# Specify the User that the actual main process will run as
-USER ${spark_uid}
diff --git a/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh
index cfd7a69..4bb1557 100644
--- a/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh
+++ b/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh
@@ -103,5 +103,12 @@ case "$1" in
     ;;
 esac
 
+# Switch to spark if no USER specified (root by default) otherwise use USER directly
+switch_spark_if_root() {
+  if [ $(id -u) -eq 0 ]; then
+    echo gosu spark
+  fi
+}
+
 # Execute the container CMD under tini for better hygiene
-exec /usr/bin/tini -s -- "${CMD[@]}"
+exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}"
diff --git a/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile
index 9745f54..753d585 100644
--- a/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile
+++ b/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile
@@ -18,15 +18,19 @@ FROM eclipse-temurin:11-jre-focal
 
 ARG spark_uid=185
 
+RUN groupadd --system --gid=${spark_uid} spark && \
+    useradd --system --uid=${spark_uid} --gid=spark spark
+
 RUN set -ex && \
     apt-get update && \
     ln -s /lib /lib64 && \
-    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \
+    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \
     apt install -y r-base r-base-dev && \
     mkdir -p /opt/spark && \
     mkdir -p /opt/spark/examples && \
     mkdir -p /opt/spark/work-dir && \
     touch /opt/spark/RELEASE && \
+    chown -R spark:spark /opt/spark && \
     rm /bin/sh && \
     ln -sv /bin/bash /bin/sh && \
     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
@@ -52,6 +56,7 @@ RUN set -ex; \
     rm -rf "$GNUPGHOME" spark.tgz.asc; \
     \
     tar -xf spark.tgz --strip-components=1; \
+    chown -R spark:spark .; \
     mv jars /opt/spark/; \
     mv bin /opt/spark/; \
     mv sbin /opt/spark/; \
@@ -74,6 +79,3 @@ RUN chmod a+x /opt/decom.sh
 RUN chmod a+x /opt/entrypoint.sh
 
 ENTRYPOINT [ "/opt/entrypoint.sh" ]
-
-# Specify the User that the actual main process will run as
-USER ${spark_uid}
diff --git a/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh
index cfd7a69..4bb1557 100644
--- a/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh
+++ b/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh
@@ -103,5 +103,12 @@ case "$1" in
     ;;
 esac
 
+# Switch to spark if no USER specified (root by default) otherwise use USER directly
+switch_spark_if_root() {
+  if [ $(id -u) -eq 0 ]; then
+    echo gosu spark
+  fi
+}
+
 # Execute the container CMD under tini for better hygiene
-exec /usr/bin/tini -s -- "${CMD[@]}"
+exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}"
diff --git a/3.3.0/scala2.12-java11-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-ubuntu/Dockerfile
index ecbcc32..1e4c604 100644
--- a/3.3.0/scala2.12-java11-ubuntu/Dockerfile
+++ b/3.3.0/scala2.12-java11-ubuntu/Dockerfile
@@ -18,14 +18,18 @@ FROM eclipse-temurin:11-jre-focal
 
 ARG spark_uid=185
 
+RUN groupadd --system --gid=${spark_uid} spark && \
+    useradd --system --uid=${spark_uid} --gid=spark spark
+
 RUN set -ex && \
     apt-get update && \
     ln -s /lib /lib64 && \
-    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \
+    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \
     mkdir -p /opt/spark && \
     mkdir -p /opt/spark/examples && \
     mkdir -p /opt/spark/work-dir && \
     touch /opt/spark/RELEASE && \
+    chown -R spark:spark /opt/spark && \
     rm /bin/sh && \
     ln -sv /bin/bash /bin/sh && \
     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
@@ -51,6 +55,7 @@ RUN set -ex; \
     rm -rf "$GNUPGHOME" spark.tgz.asc; \
     \
     tar -xf spark.tgz --strip-components=1; \
+    chown -R spark:spark .; \
     mv jars /opt/spark/; \
     mv bin /opt/spark/; \
     mv sbin /opt/spark/; \
@@ -71,6 +76,3 @@ RUN chmod a+x /opt/decom.sh
 RUN chmod a+x /opt/entrypoint.sh
 
 ENTRYPOINT [ "/opt/entrypoint.sh" ]
-
-# Specify the User that the actual main process will run as
-USER ${spark_uid}
diff --git a/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh
index cfd7a69..4bb1557 100644
--- a/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh
+++ b/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh
@@ -103,5 +103,12 @@ case "$1" in
     ;;
 esac
 
+# Switch to spark if no USER specified (root by default) otherwise use USER directly
+switch_spark_if_root() {
+  if [ $(id -u) -eq 0 ]; then
+    echo gosu spark
+  fi
+}
+
 # Execute the container CMD under tini for better hygiene
-exec /usr/bin/tini -s -- "${CMD[@]}"
+exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}"