diff --git a/Dockerfile b/Dockerfile
index 382f6f330a..69a8cdbec1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -66,4 +66,6 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/environment-to-ini
+RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
 RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
diff --git a/Dockerfile.rootless b/Dockerfile.rootless
index 64dd12bb6b..3df6e8be66 100644
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -9,7 +9,7 @@ ENV GOPROXY ${GOPROXY:-direct}
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
-ARG CGO_EXTRA_CFLAGS 
+ARG CGO_EXTRA_CFLAGS
 
 #Build deps
 RUN apk --no-cache add build-base git nodejs npm
@@ -55,6 +55,7 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /app/gitea/gitea /usr/local/bin/environment-to-ini /usr/local/bin/docker-setup.sh
 
 #git:git
 USER 1000:1000