diff --git a/2.4/Dockerfile b/2.4/Dockerfile
index 6083e29..55bc0d5 100644
--- a/2.4/Dockerfile
+++ b/2.4/Dockerfile
@@ -13,7 +13,6 @@ RUN set -ex; \
 # Create directories for Dav data and lock database.
 mkdir -p "/var/lib/dav/data"; \
 touch "/var/lib/dav/DavLock"; \
- chown -R www-data:www-data "/var/lib/dav"; \
 \
 # Enable DAV modules.
 for i in dav dav_fs; do \
@@ -30,11 +29,6 @@ RUN set -ex; \
 sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "conf/httpd.conf"; \
 done; \
 \
- # Run httpd as "www-data" (instead of "daemon").
- for i in User Group; do \
- sed -i -e "s|^$i .*|$i www-data|" "conf/httpd.conf"; \
- done; \
- \
 # Include enabled configs and sites.
 printf '%s\n' "Include conf/conf-enabled/*.conf" \
 >> "conf/httpd.conf"; \
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index 3ee4575..6713f7a 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -10,9 +10,14 @@ set -e
 # PASSWORD
 # ANONYMOUS_METHODS
 # SSL_CERT
+# PUID
+# PGID
+# PUMASK
 # Just in case this environment variable has gone missing.
 HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}"
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
 # Configure vhosts.
 if [ "x$SERVER_NAMES" != "x" ]; then
@@ -98,9 +103,22 @@ if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
 "$HTTPD_PREFIX/conf/sites-enabled"
 fi
+# add PUID:PGID, ignore error
+addgroup -g $PGID -S user-group 1>/dev/null || true
+adduser -u $PUID -S user 1>/dev/null || true
+
+# Run httpd as PUID:PGID
+sed -i -e "s|^User .*|User #$PUID|" "$HTTPD_PREFIX/conf/httpd.conf";
+sed -i -e "s|^Group .*|Group #$PGID|" "$HTTPD_PREFIX/conf/httpd.conf";
+
 # Create directories for Dav data and lock database.
 [ ! -d "/var/lib/dav/data" ] && mkdir -p "/var/lib/dav/data"
 [ ! -e "/var/lib/dav/DavLock" ] && touch "/var/lib/dav/DavLock"
-chown -R www-data:www-data "/var/lib/dav"
+chown $PUID:$PGID "/var/lib/dav/DavLock"
+
+# Set umask
+if [ "x$PUMASK" != "x" ]; then
+ umask $PUMASK
+fi
 exec "$@"
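Review bot: `PUID` and `PGID` are taken from the environment in the two added default lines of the first docker-entrypoint.sh hunk with no check that they are numeric, and the next hunk expands them unquoted into `addgroup`, `adduser`, `chown` and the `sed` replacement that rewrites `httpd.conf`. A value containing whitespace, `|` or a newline would split arguments or alter the sed expression, so I would validate right after the defaults: `case "$PUID$PGID" in ''|*[!0-9]*) echo "PUID/PGID must be numeric" >&2; exit 1 ;; esac`. It is also worth deciding explicitly whether 0 is acceptable, since it would be written as `User #0`. The README example in this commit sets `GUID: 1000`, a name this script never reads, so the group there silently stays at the default.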
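Review bot: The added `chown $PUID:$PGID "/var/lib/dav/DavLock"` near the end of the second docker-entrypoint.sh hunk changes ownership of the lock file only, so `/var/lib/dav` and `/var/lib/dav/data` keep whatever owner created them (presumably root when the `mkdir -p` two lines above runs, and in the image now that the Dockerfile chown is removed). httpd running as `#$PUID` may then be unable to store uploads or create lock database files beside `DavLock`. If the recursive chown was dropped to avoid rewriting ownership on a bind mount, a non-recursive `chown "$PUID:$PGID" /var/lib/dav /var/lib/dav/data /var/lib/dav/DavLock` keeps the directories writable without touching existing files. The expansions in the `addgroup`, `adduser` and `umask` lines should be quoted as well, and `|| true` hides every failure of account creation, not just "already exists".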
diff --git a/README.md b/README.md
index f9b9e8e..89e86cc 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,8 @@ services:
 AUTH_TYPE: Digest
 USERNAME: alice
 PASSWORD: secret1234
+ PUID: 1000
+ GUID: 1000
 volumes:
 - /srv/dav:/var/lib/dav
@@ -104,4 +106,7 @@ All environment variables are optional. You probably want to at least specify `U
 * **`PASSWORD`**: Authenticate with this password (and the username above). This is ignored if you bind mount your own authentication file to `/user.passwd`.
 * **`ANONYMOUS_METHODS`**: Comma-separated list of HTTP request methods (eg, `GET,POST,OPTIONS,PROPFIND`). Clients can use any method you specify here without authentication. Set to `ALL` to disable authentication. The default is to disallow any anonymous access.
 * **`SSL_CERT`**: Set to `selfsigned` to generate a self-signed certificate and enable Apache's SSL module. If you specify `SERVER_NAMES`, the first domain is set as the Common Name.
+* **`PUID`**: file owner's UID of `/var/lib/dav`
+* **`PGID`**: file owner's GID of `/var/lib/dav`
+