diff --git a/Dockerfile b/Dockerfile
index 9e5d035aa550daaac05fc6b0b16187f4e50eed57..c53f469e5fbaf3fc18718a54f94930561b3ac0f4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,7 @@ LABEL usgs.geomag-algorithms.version=0.2.0
 
 
 # update os
+
 RUN apt-get update --fix-missing && \
     apt-get install -y --no-install-recommends \
         bzip2 \
@@ -39,15 +40,25 @@ COPY . /geomag-algorithms
 
 
 RUN pip install /geomag-algorithms && \
-    mkdir /notebooks
+    groupadd \
+        -g 1234 \
+        -r \
+        geomag_user && \
+    useradd \
+        -c 'Docker image user' \
+        -d /home/geomag_user \
+        -g geomag_user \
+        -r \
+        -s /sbin/nologin \
+        -u 1234 \
+         geomag_user && \
+    mkdir -p /home/geomag_user/notebooks && \
+    chown -R geomag_user:geomag_user /home/geomag_user
+
 
+USER geomag_user
 
-WORKDIR /geomag-algorithms
+WORKDIR /home/geomag_user
 EXPOSE 80
-CMD /bin/bash -c " \
-    exec jupyter notebook \
-        --ip='*' \
-        --notebook-dir=/notebooks \
-        --no-browser \
-        --port=80 \
-    "
+# entrypoint needs double quotes
+ENTRYPOINT [ "/geomag-algorithms/docker-entrypoint.sh" ]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000000000000000000000000000000000000..14f4954d147b505599e20b383b51e81740e49cd2
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,22 @@
+#! /bin/bash
+
+# run jupyter in the background, and forward SIGTERM manually.
+# "exec" seems like a much simpler solution for this,
+# however, jupyter kernels die noisy deaths when using exec.
+
+_term () {
+  echo 'Caught SIGERM'
+  kill -TERM "$child"
+}
+trap _term SIGTERM
+
+
+# run jupyter notebook server
+jupyter notebook \
+    --ip='*' \
+    --notebook-dir=/home/geomag_user/notebooks \
+    --no-browser \
+    --port=8000 &
+
+child=$!
+wait "$child"
diff --git a/docs/install_docker.md b/docs/install_docker.md
index 27022767f2cb0d665b2782d9242040bdedc32a77..1571d1f17b7697baaeaf17e91f0f25b227325404 100644
--- a/docs/install_docker.md
+++ b/docs/install_docker.md
@@ -20,7 +20,8 @@ docker run -d --name geomagio -p 8000:80 usgs/geomag-algorithms
 - `usgs/geomag-algorithms:latest` refers to the
   latest version of the geomag-algorithms docker image
 
-  > Notebooks are stored in the container in the directory `/notebooks`
+  > Notebooks are stored in the container in the directory
+  > `/home/geomag_user/notebooks`
 
 
 ### Use the container