diff --git a/backend/deploy/Dockerfile b/backend/deploy/Dockerfile
index 07ef359..6354daa 100644
--- a/backend/deploy/Dockerfile
+++ b/backend/deploy/Dockerfile
@@ -18,16 +18,14 @@ FROM alpine:3.21
 
 RUN apk add --no-cache ca-certificates tzdata
 
-# UID 65534 = nobody on Alpine, matches podSecurityContext.runAsUser
-RUN adduser -D -u 65534 -g '' nonroot
-
 WORKDIR /app
 
 COPY --from=builder /api .
 COPY --from=builder /go/bin/migrate /usr/local/bin/migrate
 COPY migrations/ ./migrations/
 
-USER nonroot:nonroot
+# alpine:3.21 already ships nobody at UID 65534 — matches podSecurityContext.runAsUser
+USER nobody:nobody
 
 EXPOSE 8080