diff --git a/docker/nova/nova-api/Dockerfile.j2 b/docker/nova/nova-api/Dockerfile.j2
index bd5270ac6606767a58b4e9ee0bad484d9cb5d12c..ef5fd1b44c8eff3183c9bc4a571f671766ba598f 100644
--- a/docker/nova/nova-api/Dockerfile.j2
+++ b/docker/nova/nova-api/Dockerfile.j2
@@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-api/extend_start.sh b/docker/nova/nova-api/extend_start.sh
index 9b0e9d74623c48fe872a3462022bc8c18e7ad30b..93b63d53ff357b208dbaa47c7c70fb1e7f89cc1b 100644
--- a/docker/nova/nova-api/extend_start.sh
+++ b/docker/nova/nova-api/extend_start.sh
@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo -H -u nova nova-manage db sync
+    nova-manage db sync
     exit 0
 fi
diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2
index 4b2fea8b430290c6415110d3065bce86447dbbbb..3b48ff1fdb6462a513bc21c9273ef1546d646ef1 100644
--- a/docker/nova/nova-base/Dockerfile.j2
+++ b/docker/nova/nova-base/Dockerfile.j2
@@ -42,3 +42,5 @@ RUN ln -s nova-base-source/* nova \
     && chown -R nova: /etc/nova /var/log/nova /home/nova
 
 {% endif %}
+
+RUN usermod -a -G kolla nova
diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2
index 90dd8de2e93c32f32d28815fe17626b0e70185df..40dfdf862594255dbc31a5c68001ba6e87769935 100644
--- a/docker/nova/nova-compute/Dockerfile.j2
+++ b/docker/nova/nova-compute/Dockerfile.j2
@@ -39,3 +39,5 @@ RUN /var/lib/kolla/venv/bin/pip install --no-cache-dir libvirt-python
 {% endif %}
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-conductor/Dockerfile.j2 b/docker/nova/nova-conductor/Dockerfile.j2
index d1b5ddceaea6bbcb052eb1930e54ce18f23d9ae6..effb7a12024c509b913d3c578aae5afaf9faf4a0 100644
--- a/docker/nova/nova-conductor/Dockerfile.j2
+++ b/docker/nova/nova-conductor/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum -y install openstack-nova-conductor \
 {% endif %}
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-consoleauth/Dockerfile.j2 b/docker/nova/nova-consoleauth/Dockerfile.j2
index f1298314031f46c351121f9e1e91c022c65cf37d..427144f01657e2fe6e182201b348a2227895c594 100644
--- a/docker/nova/nova-consoleauth/Dockerfile.j2
+++ b/docker/nova/nova-consoleauth/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum -y install openstack-nova-console \
 {% endif %}
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2
index de4499c6554bc7474e5461c516ed9a3c86b6e3f6..d6eb7fd36719d0b7379d01fc2ae02cb7cca078c1 100644
--- a/docker/nova/nova-libvirt/Dockerfile.j2
+++ b/docker/nova/nova-libvirt/Dockerfile.j2
@@ -33,3 +33,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-network/Dockerfile.j2 b/docker/nova/nova-network/Dockerfile.j2
index 5d9ec3fc796d0b44f6d59d83fd2df2afcfc9b305..e0624fb63af530a456240b4a2c6f67709cf7c95e 100644
--- a/docker/nova/nova-network/Dockerfile.j2
+++ b/docker/nova/nova-network/Dockerfile.j2
@@ -21,3 +21,5 @@ RUN yum -y install initscripts \
 {% endif %}
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-novncproxy/Dockerfile.j2 b/docker/nova/nova-novncproxy/Dockerfile.j2
index 402d685325744e70df2c26d5952056c6723b0779..d216895f39ff16f735a8e2be420baf2aa26f30e4 100644
--- a/docker/nova/nova-novncproxy/Dockerfile.j2
+++ b/docker/nova/nova-novncproxy/Dockerfile.j2
@@ -18,3 +18,5 @@ RUN cd /usr/share && ln -s nova-novncproxy-source/* novnc
 {% endif %}
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-scheduler/Dockerfile.j2 b/docker/nova/nova-scheduler/Dockerfile.j2
index cd6e9b1c6679216cf94bc440e2f48f1a41dffe7b..0057a7cd944811380abec254b2c30477f1955726 100644
--- a/docker/nova/nova-scheduler/Dockerfile.j2
+++ b/docker/nova/nova-scheduler/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum -y install openstack-nova-scheduler \
 {% endif %}
 
 {{ include_footer }}
+
+USER nova
diff --git a/docker/nova/nova-spicehtml5proxy/Dockerfile.j2 b/docker/nova/nova-spicehtml5proxy/Dockerfile.j2
index 6c95ddcafbbb98f2a914eb2bd27cfe2cdcf4048f..046277662b10698599ff43e204f6ed92dcea5161 100644
--- a/docker/nova/nova-spicehtml5proxy/Dockerfile.j2
+++ b/docker/nova/nova-spicehtml5proxy/Dockerfile.j2
@@ -16,3 +16,5 @@ RUN cd /usr/share && ln -s nova-spicehtml5proxy-source/* spice-html5
 {% endif %}
 
 {{ include_footer }}
+
+USER nova