diff --git a/deploy/entrypoint.sh b/deploy/entrypoint.sh
index fdc589e..d4912cb 100755
--- a/deploy/entrypoint.sh
+++ b/deploy/entrypoint.sh
@@ -59,7 +59,9 @@ do
     sleep 8
 done
 
+addgroup -g 12003 spj
+adduser -u 12000 -S -G spj server
 
-chown -R nobody:nogroup $DATA $APP/dist
-chmod -R 700 $DATA/test_case
+chown -R server:spj $DATA $APP/dist
+chmod 710 $DATA/test_case
 exec supervisord -c /app/deploy/supervisord.conf
diff --git a/deploy/supervisord.conf b/deploy/supervisord.conf
index 6b23166..1b94699 100644
--- a/deploy/supervisord.conf
+++ b/deploy/supervisord.conf
@@ -28,9 +28,8 @@ stopwaitsecs = 5
 killasgroup=true
 
 [program:gunicorn]
-command=sh -c "gunicorn oj.wsgi --user nobody -b 127.0.0.1:8080 --reload -w `grep -c ^processor /proc/cpuinfo`"
+command=sh -c "gunicorn oj.wsgi --user server --group spj  -b 127.0.0.1:8080 --reload -w `grep -c ^processor /proc/cpuinfo`"
 directory=/app/
-user=nobody
 stdout_logfile=/data/log/gunicorn.log
 stderr_logfile=/data/log/gunicorn.log
 autostart=true
diff --git a/problem/views/admin.py b/problem/views/admin.py
index 600005e..a357cea 100644
--- a/problem/views/admin.py
+++ b/problem/views/admin.py
@@ -45,6 +45,7 @@ class TestCaseZipProcessor(object):
         test_case_id = rand_str()
         test_case_dir = os.path.join(settings.TEST_CASE_DIR, test_case_id)
         os.mkdir(test_case_dir)
+        os.chmod(test_case_dir, 0o710)
 
         size_cache = {}
         md5_cache = {}
@@ -80,9 +81,8 @@ class TestCaseZipProcessor(object):
         with open(os.path.join(test_case_dir, "info"), "w", encoding="utf-8") as f:
             f.write(json.dumps(test_case_info, indent=4))
 
-        os.chmod(test_case_dir, 0o700)
         for item in os.listdir(test_case_dir):
-            os.chmod(os.path.join(test_case_dir, item), 0o600)
+            os.chmod(os.path.join(test_case_dir, item), 0o640)
 
         return info, test_case_id