diff --git a/docker/zun/zun-api/Dockerfile.j2 b/docker/zun/zun-api/Dockerfile.j2
index 19e73ffb05..01f665b43a 100644
--- a/docker/zun/zun-api/Dockerfile.j2
+++ b/docker/zun/zun-api/Dockerfile.j2
@@ -15,3 +15,5 @@ RUN chmod 755 /usr/local/bin/kolla_zun_extend_start
 {% block zun_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}
+
+USER zun
diff --git a/docker/zun/zun-base/Dockerfile.j2 b/docker/zun/zun-base/Dockerfile.j2
index 9f502ae9c9..4e887bceef 100644
--- a/docker/zun/zun-base/Dockerfile.j2
+++ b/docker/zun/zun-base/Dockerfile.j2
@@ -56,9 +56,12 @@ RUN ln -s zun-base-source/* zun \
 {% endif %}
+COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN touch /usr/local/bin/kolla_zun_extend_start \
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 640 /etc/sudoers.d/kolla_zun_sudoers \
+ && touch /usr/local/bin/kolla_zun_extend_start \
 && chmod 755 /var/www/cgi-bin/zun \
 && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_zun_extend_start
diff --git a/docker/zun/zun-base/zun_sudoers b/docker/zun/zun-base/zun_sudoers
new file mode 100644
index 0000000000..fd35f4cb57
--- /dev/null
+++ b/docker/zun/zun-base/zun_sudoers
@@ -0,0 +1 @@
+zun ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/zun-rootwrap /etc/zun/rootwrap.conf *
diff --git a/docker/zun/zun-compute/Dockerfile.j2 b/docker/zun/zun-compute/Dockerfile.j2
index a469598ecc..23ab689f74 100644
--- a/docker/zun/zun-compute/Dockerfile.j2
+++ b/docker/zun/zun-compute/Dockerfile.j2
@@ -12,3 +12,5 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
 {% block zun_compute_footer %}{% endblock %}
 {% block footer %}{% endblock %}
+
+USER zun
diff --git a/docker/zun/zun-wsproxy/Dockerfile.j2 b/docker/zun/zun-wsproxy/Dockerfile.j2
index 67cfe1f2b9..4c14c50721 100644
--- a/docker/zun/zun-wsproxy/Dockerfile.j2
+++ b/docker/zun/zun-wsproxy/Dockerfile.j2
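Review bot: With `USER zun` as the final instruction, every container start-up step now runs unprivileged, but this commit leaves `extend_start.sh` (copied to `/usr/local/bin/kolla_extend_start` in zun-base) untouched. Its body is not visible here, so please confirm it has no root-only steps such as creating or chowning log directories; the only sudoers rule added in this commit covers `zun-rootwrap`. The same applies to the `USER zun` lines in the zun-compute and zun-wsproxy hunks. A short comment above each line would also help, e.g. `# Drop privileges last; the footer blocks above still run as root at build time`.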
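Review bot: The sudoers drop-in is installed in the zun-base `RUN` chain without a syntax check, and a malformed file under `/etc/sudoers.d` can make sudo reject its whole configuration at run time. Adding `&& visudo -cf /etc/sudoers.d/kolla_zun_sudoers \` right after the `chmod 640` line would fail the image build instead. The usual convention for sudoers fragments is mode 0440, so `chmod 440` would be the tighter choice unless 640 is a deliberate project-wide setting. The `COPY` also relies on the build still running as root at this point so that the file ends up root-owned; the hunk does not show which user is in effect, so that is worth confirming.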
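Review bot: The trailing `*` lets the zun user pass arbitrary arguments to `zun-rootwrap` as root, so the real privilege boundary is the rootwrap filter set, not this rule. That only holds if `/etc/zun/rootwrap.conf`, the filter directories it names, and `/var/lib/kolla/venv/bin/zun-rootwrap` itself are root-owned and not writable by the zun user or group. Nothing in this diff sets or verifies those permissions, so please confirm them or enforce them in the zun-base `RUN` step. The rule also hard-codes the virtualenv path, so it presumably will not match where zun-rootwrap is installed elsewhere; a comment such as `# source installs only: path is the kolla virtualenv` would document that.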
@@ -12,3 +12,5 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
 {% block zun_wsproxy_footer %}{% endblock %}
 {% block footer %}{% endblock %}
+
+USER zun