diff --git a/agent2/alpine/Dockerfile b/agent2/alpine/Dockerfile
index 0f07369fb..3a3d1c5a6 100644
--- a/agent2/alpine/Dockerfile
+++ b/agent2/alpine/Dockerfile
@@ -10,10 +10,10 @@ LABEL org.opencontainers.image.title="Zabbix agent 2" \
 STOPSIGNAL SIGTERM
 
 RUN set -eux && \
-    addgroup -S -g 1000 zabbix && \
+    addgroup -S -g 1995 zabbix && \
     adduser -S \
-            -D -G zabbix \
-            -u 999 \
+            -D -G zabbix -G root \
+            -u 1997 \
             -h /var/lib/zabbix/ \
         zabbix && \
     mkdir -p /etc/zabbix && \
@@ -21,7 +21,6 @@ RUN set -eux && \
     mkdir -p /var/lib/zabbix && \
     mkdir -p /var/lib/zabbix/enc && \
     mkdir -p /var/lib/zabbix/modules && \
-    chown --quiet -R zabbix:root /var/lib/zabbix && \
     apk add --no-cache --clean-protected \
             tini \
             bash \
@@ -75,9 +74,11 @@ RUN set -eux && \
     cp /tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get /usr/bin/zabbix_get && \
     cp /tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender /usr/bin/zabbix_sender && \
     cp /tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_agent2.conf /etc/zabbix/zabbix_agent2.conf && \
-    chown -R zabbix:zabbix /etc/zabbix/ && \
     cd /tmp/ && \
     rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \
+    chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \
+    chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \
+    chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \
     apk del --purge --no-network \
             build-dependencies && \
     rm -rf /var/cache/apk/*
@@ -92,6 +93,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"]
 
 ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/docker-entrypoint.sh"]
 
-USER zabbix
+USER 1997
 
 CMD ["/usr/sbin/zabbix_agent2", "--foreground", "-c", "/etc/zabbix/zabbix_agent2.conf"]