diff --git a/build/Dockerfile b/build/Dockerfile
index 03c241f1c..652f65d5f 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -3,7 +3,25 @@
 # This dockerfile is configured to be run by the /corso/build/build-container.sh
 # script.  Using docker to build this file directly will fail.
 
-FROM ubuntu:latest
+FROM alpine:3.16
+
+ENV CORSO_HOME /app/corso
+
+# Add a well-know corso user to use by default
+RUN addgroup -g 1001 corso && \
+    adduser --shell /sbin/nologin --disabled-password \
+    --home $CORSO_HOME --uid 1001 --ingroup corso corso
+
+# Update to latest cert bundle in case there are changes
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+
+# Default locations for key Kopia config as set in https://github.com/kopia/kopia/blob/master/tools/docker/Dockerfile
+ENV KOPIA_CONFIG_PATH=$CORSO_HOME/kopia/config/repository.config \
+	KOPIA_LOG_DIR=$CORSO_HOME/kopia/logs \
+	KOPIA_CACHE_DIRECTORY=$CORSO_HOME/kopia/cache \
+	RCLONE_CONFIG=$CORSO_HOME/kopia/rclone/rclone.conf \
+	KOPIA_PERSIST_CREDENTIALS_ON_CONNECT=false \
+	KOPIA_CHECK_FOR_UPDATES=false
 
 WORKDIR /
 
@@ -11,6 +29,6 @@ ARG TARGETOS
 ARG TARGETARCH
 COPY ./bin/${TARGETOS}-${TARGETARCH}/corso ./
 
-USER nobody
+USER corso
 
 ENTRYPOINT ["/corso"]