diff --git a/docker/imap/Dockerfile b/docker/imap/Dockerfile
index 984061fe..1d17665c 100644
--- a/docker/imap/Dockerfile
+++ b/docker/imap/Dockerfile
@@ -1,79 +1,68 @@
 FROM almalinux:8
 LABEL maintainer="contact@apheleia-it.ch"
 LABEL dist=centos8
 LABEL tier=${TIER}
 ENV DISTRO=centos8
 # ENV LANG=en_US.utf8
 # ENV LC_ALL=en_US.utf8
 # Add EPEL.
 RUN dnf -y install dnf-plugin-config-manager && \
 dnf config-manager --set-enabled powertools && \
 dnf -y install epel-release && \
 dnf -y install iputils vim-enhanced bind-utils && \
 dnf clean all
 RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
 # Install kolab
 RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \
 rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8.rpm
 RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \
 dnf config-manager --enable kolab-16-testing &&\
 dnf -y --setopt tsflags= install patch &&\
 dnf clean all
 RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
 WORKDIR /root/
 RUN dnf -y group install "Development Tools"; \
 dnf -y builddep cyrus-imapd; \
 dnf -y install git perl-devel cyrus-sasl cyrus-sasl-plain procps-ng iputils bind-utils sudo
 RUN git clone --branch dev/mollekopf https://git.kolab.org/source/cyrus-imapd && \
 cd cyrus-imapd && \
 autoreconf -i && \
 ./configure CFLAGS="-W -Wno-unused-parameter -g -O0 -Wall -Wextra -Werror -fPIC" --enable-murder --enable-http --enable-calalarmd --enable-autocreate --enable-idled --with-openssl=yes --enable-replication --prefix=/usr && \
 make -j6 && \
 make install
 COPY cyrus.conf /etc/cyrus.conf
 COPY imapd.conf /etc/imapd.conf
 COPY imapd.annotations.conf /etc/imapd.annotations.conf
 COPY saslauthd.conf /etc/saslauthd.conf
 ADD init.sh /init.sh
-# RUN chgrp -R 0 /opt/app-root/src && \
-# chmod -R g=u /opt/app-root/src
-
-RUN mkdir -p /run/saslauthd && \
- chmod 777 /run/saslauthd && \
- chmod -R 777 /run && \
- mkdir -p /var/run && \
- chmod -R 777 /var/run && \
- mkdir -p /var/lib/imap && \
- chmod 777 /var/lib/imap && \
- mkdir -p /var/spool/imap && \
- chmod 777 /var/spool/imap && \
- mkdir -p /etc/pki/cyrus-imapd/ && \
- 
chmod 777 /etc/pki/cyrus-imapd/
-
 VOLUME [ "/var/spool/imap" ]
 VOLUME [ "/var/lib/imap" ]
-RUN chown -R 1001:0 /etc /var/lib/imap /var/spool/imap /var/run /run /etc/pki/cyrus-imapd/ && \
- chmod -R g=u /etc /var/lib/imap /var/spool/imap /var/run /run /etc/pki/cyrus-imapd/
+RUN id default || (groupadd -g 1001 default && useradd -u 1001 -g 1001 default)
-RUN echo 'default ALL=NOPASSWD: ALL' >> /etc/sudoers && \
- chown root:root /etc/sudoers /etc/sudo.conf /etc/sudoers.d
+RUN PATHS=(/run /run/saslauthd /var/run /var/lib/imap /var/spool/imap /etc/pki/cyrus-imapd) && \
+ mkdir -p ${PATHS[@]} && \
+ chmod 777 ${PATHS[@]} && \
+ chown -R 1001:0 ${PATHS[@]} && \
+ chmod -R g=u ${PATHS[@]}
-RUN id default || (groupadd -g 1001 default && useradd -d /opt/app-root/ -u 1001 -g 1001 default)
-USER 1001
+RUN PATHS=(/etc /etc/passwd /etc/saslauthd.conf /etc/cyrus.conf /etc/imapd.conf) && \
+ chown 1001:0 ${PATHS[@]} && \
+ chmod g=u ${PATHS[@]}
+USER 1001
 CMD ["/init.sh"]
 EXPOSE 11143/tcp 11993/tcp 11080/tcp 11443/tcp 11024/tcp
diff --git a/docker/imap/init.sh b/docker/imap/init.sh
index 2d8d37ca..194172a6 100755
--- a/docker/imap/init.sh
+++ b/docker/imap/init.sh
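Review bot: Both `VOLUME` declarations for /var/spool/imap and /var/lib/imap now sit above the new `RUN PATHS=(/run /run/saslauthd ...)` step that creates those directories and applies `chown -R 1001:0` and `chmod -R g=u`; Docker documents that changes made to a volume path after its VOLUME declaration are discarded, so the 1001 ownership may never land in the image and the container may be unable to write there — move `VOLUME [ "/var/spool/imap" ]` and `VOLUME [ "/var/lib/imap" ]` below that RUN. The second new RUN hands ownership of the `/etc` directory itself and of `/etc/passwd` to UID 1001; write permission on /etc lets the service account unlink and replace any file in it, not only the three config files, so listing just the files init.sh actually rewrites (or producing the passwd entry another way, as the nss_wrapper comment in init.sh already suggests) would narrow that. `chmod 777 ${PATHS[@]}` is redundant once the same paths get `chown -R 1001:0` plus `chmod -R g=u`; 770 gives UID 1001 and GID 0 identical access without leaving /run and the spool world-writable. Bash arrays in `RUN` rely on /bin/sh resolving to bash (true on almalinux:8, but shell-specific); an explicit `SHELL ["/bin/bash", "-c"]` before these steps, or plain space-separated lists, removes that assumption.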
@@ -1,33 +1,33 @@ #!/bin/bash sed -i -r \ -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \ -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \ /etc/imapd.conf sed -i -r \ -e "s|APP_DOMAIN|$APP_DOMAIN|g" \ /etc/saslauthd.conf -mkdir /var/lib/imap/socket +mkdir -p /var/lib/imap/socket cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem chown 1001:0 /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /usr/sbin/saslauthd -m /run/saslauthd -a httpform -d & # Can't run as user because of /dev/ permissions so far. # Cyrus imap only logs to /dev/log, no way around it it seems. # sudo rsyslogd # Cyrus needs an entry in /etc/passwd. THe alternative would be perhaps the nss_wrapper # https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines # FIXME: This probably currently just works because we make /etc/ writable, which I suppose we shouldn't. ID=$(id -u) GID=$(id -g) echo "$ID:x:$ID:$GID::/opt/app-root/:/bin/bash" > /etc/passwd exec env CYRUS_VERBOSE=2 CYRUS_USER="$ID" /usr/libexec/master -D -p /var/run/master.pid -M /etc/cyrus.conf -C /etc/imapd.conf
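Review bot: The result of the new `mkdir -p /var/lib/imap/socket` is not checked and the script never sets `set -e`, so if the volume is mounted read-only or owned by another UID the error is only printed and master is still exec'd, presumably without the socket directory it needs. Adding `set -e` on the line after the shebang (or `mkdir -p /var/lib/imap/socket || exit 1`) would make the container exit with a clear failure instead of starting in a half-configured state. The same unchecked-failure pattern applies to the `cat ... > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem` line that follows it.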