diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.yml index 7b0930e..70a4314 100644 --- a/.gitea/workflows/ docker-image.deploy.yml +++ b/.gitea/workflows/ docker-image.deploy.yml @@ -16,14 +16,21 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - - name: Start BuildKit + + - name: Create non-root user for BuildKit run: | - mkdir -p /run/buildkit - buildkitd \ - --root /tmp/buildkit \ - --addr unix:///run/buildkit/buildkitd.sock \ - >/tmp/buildkitd.log 2>&1 & + adduser -D -u 1000 builder + + - name: Start BuildKit (rootless) + run: | + su builder -c ' + export XDG_RUNTIME_DIR=/tmp/buildkit + mkdir -p $XDG_RUNTIME_DIR + buildkitd \ + --root /home/builder/.local/share/buildkit \ + --addr unix://$XDG_RUNTIME_DIR/buildkitd.sock \ + >/home/builder/buildkitd.log 2>&1 & + ' sleep 3 - name: Check BuildKit daemon @@ -47,11 +54,15 @@ jobs: - name: Build and push image run: | - buildctl \ - --addr unix:///run/buildkit/buildkitd.sock \ - build \ - --frontend=dockerfile.v0 \ - --local context=./pbsclient \ - --local dockerfile=./pbsclient/docker \ - --opt filename=Dockerfile \ - --output type=image,name=git.limbosolutions.com/kb/pbsclient:latest,push=true + su builder -c ' + export XDG_RUNTIME_DIR=/tmp/buildkit + buildctl \ + --addr unix://$XDG_RUNTIME_DIR/buildkitd.sock \ + build \ + --frontend=dockerfile.v0 \ + --local context=./pbsclient \ + --local dockerfile=./pbsclient/docker \ + --opt filename=Dockerfile \ + --output type=image,name=git.limbosolutions.com/kb/pbsclient:latest,push=true ' + +
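Review bot: The "Start BuildKit (rootless)" step launches `buildkitd` directly under `su builder`, and nothing visible in this hunk sets up the user namespace that BuildKit's rootless mode relies on, so the daemon may refuse to start or may not provide the isolation the step name promises. If the runner image ships RootlessKit, the invocation would be `rootlesskit buildkitd \`; this needs confirming against the image, and the "Check BuildKit daemon" step that would reveal a failed start continues outside the hunk. The runtime directory is a fixed path under world-writable `/tmp` created with the default umask; `mkdir -p -m 700 "$XDG_RUNTIME_DIR"` keeps the control socket, which accepts build requests, private to `builder`. `adduser -D -u 1000 builder` fails the job if uid 1000 already exists in the image, so a guard such as `id builder >/dev/null 2>&1 || adduser -D -u 1000 builder` is safer.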
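Review bot: Wrapping `buildctl` in `su builder -c` changes whose registry credentials are read for `push=true`; if the login step between the two hunks (not visible here) writes the Docker config for root, the push will presumably be attempted without credentials and fail. Pointing the client at a config owned by `builder`, for example `export DOCKER_CONFIG=/home/builder/.docker` with the file at mode 0600, makes the credential location explicit and avoids loosening permissions on root's copy as a workaround. The workspace is checked out before the `builder` user exists, so `--local context=./pbsclient` only works if those files are readable by uid 1000, which is worth verifying. `export XDG_RUNTIME_DIR=/tmp/buildkit` is now repeated in two steps; a job-level `env:` entry would keep the socket path in one place.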