diff --git a/Dockerfile b/Dockerfile
index 5f413c5d059f32e434fbc6a5c9cccef226a53c2f..f1813d4eaf7c1f3ea5344c80eec1bee8f0144e67 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-MAINTAINER Jose Carlos Luna <Jose.Carlos.Luna@cern.ch>
 FROM golang:1.22.3 as builder
+MAINTAINER Jose Carlos Luna <Jose.Carlos.Luna@cern.ch>
 ARG MUSL_VERSION=1.2.5
 RUN wget https://www.musl-libc.org/releases/musl-${MUSL_VERSION}.tar.gz && \
 tar zxf musl-${MUSL_VERSION}.tar.gz && \
@@ -17,4 +17,4 @@ EXPOSE 443
 EXPOSE 80
 EXPOSE 53/tcp
 EXPOSE 53/udp
-ENTRYPOINT ["./gocanary"]
+ENTRYPOINT ["./gocanary", "--enable-hardening=false"]
diff --git a/configtools.go b/configtools.go
index b6896e56c002b07c95b93904ae54a24d21013612..09f39561e1e7ff592a6dc4e84c93fbd52cde6784 100644
--- a/configtools.go
+++ b/configtools.go
@@ -31,6 +31,7 @@ var dnsEnabled bool
 var dnsAnswerWith string
 var dnsNotAnswer bool
 var syslogEnabled bool
+var hardeningEnabled bool
 var domains []string
 var binPath string
@@ -76,6 +77,7 @@ func init() {
 gocanaryCmd.PersistentFlags().BoolVar(&httpEnabled, "enable-http", true, "Enable HTTP listener")
 gocanaryCmd.PersistentFlags().BoolVar(&dnsEnabled, "enable-dns", true, "Enable DNS listeners (tcp and udp)")
 gocanaryCmd.PersistentFlags().BoolVar(&syslogEnabled, "enable-syslog", false, "Enable logging to syslog")
+ gocanaryCmd.PersistentFlags().BoolVar(&hardeningEnabled, "enable-hardening", true, "Enable hardening measures")
 gocanaryCmd.PersistentFlags().StringArrayVar(&domains, "domain", []string{}, "Only respond to this domain (can be specified multiple times)")
 _, filename, _, _ := runtime.Caller(1)
diff --git a/main.go b/main.go
index d121f358f801445dc547d7f2cf8724a135e97ae5..64485f4274f09ab36dfb1e3ff4589d0a5b59c8ed 100644
--- a/main.go
+++ b/main.go
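Review bot: `MAINTAINER` is a deprecated Dockerfile instruction, so while moving it after `FROM` is the right repair (presumably the original placement before the first `FROM` broke the build), the line would be better expressed as an OCI label: `LABEL org.opencontainers.image.authors="Jose.Carlos.Luna@cern.ch"`. Separately, the context lines show the musl tarball fetched with `wget` and no checksum or signature check, so pinning `MUSL_VERSION` alone does not protect the build against a tampered download; verifying the archive with `sha256sum -c` against a known digest before `tar zxf` would be a worthwhile follow-up. The `RUN` instruction continues past the hunk.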
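Review bot: The new `ENTRYPOINT` bakes `--enable-hardening=false` into the image, so every container started from it skips the privilege drop and Landlock step unless the operator replaces the entrypoint itself. If this is meant as an overridable default, put the flag in `CMD` instead: `ENTRYPOINT ["./gocanary"]` followed by `CMD ["--enable-hardening=false"]`, which `docker run <image> --enable-hardening=true` can then override. If the reason is that the `nobody` user or Landlock is unavailable in the runtime image, a comment above the line saying so would help; note that the harden.go change in this same commit already makes `DropRoot` tolerate a missing user, so the flag may no longer be needed for that reason. Whether the final image sets a non-root `USER` is not visible in this hunk, so it is unclear what user the un-hardened process ends up running as.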
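Review bot: The help text `"Enable hardening measures"` on the new `--enable-hardening` flag does not tell an operator what is given up by setting it to false, which per main.go in this commit is the switch to an unprivileged user and the Landlock restriction of the process. Suggest something like `"Drop privileges to an unprivileged user and Landlock the process after startup (disable only when the runtime already sandboxes the process)"` so the security impact is visible in `--help`. The flag defaults to true, which is the right fail-safe choice. `init()` continues outside the hunk.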
@@ -25,7 +25,7 @@ import (
 func runCanary(cmd *cobra.Command, args []string) {
 serverEnabled := false
- //If running as root drop maximum privs
+ //If running as root drop maximum privs (do always)
 harden.MinCapabilities()
 //Initialize alerter/logger
@@ -54,9 +54,11 @@ func runCanary(cmd *cobra.Command, args []string) {
 tokens.Initialize(canaryPath)
 //Drop to nobody and LandLock
- harden.DropPrivs()
- slog.Debug("LandLocking")
- harden.LandLock(binPath)
+ if hardeningEnabled {
+ harden.DropPrivs()
+ slog.Debug("LandLocking")
+ harden.LandLock(binPath)
+ }
 // Block forever if any server is running
 if serverEnabled {
diff --git a/utils/harden/harden.go b/utils/harden/harden.go
index 89f55032288844ee32d6fcb74b8e96971a551f93..bce8c0a5592033b57e09c9fd22fdf30bc4f06162 100644
--- a/utils/harden/harden.go
+++ b/utils/harden/harden.go
@@ -50,7 +50,8 @@ func MinCapabilities() {
 func DropRoot() {
 userInfo, err := user.Lookup(switchToUser)
 if err != nil {
- log.Fatal(err)
+ log.Printf("User %s not found, changing to 65534", switchToUser)
+ userInfo = &user.User{Gid: "65534", Uid: "65534"}
 }
 // Convert group ID and user ID from string to int.
 gid, err := strconv.Atoi(userInfo.Gid)
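Review bot: The reworded comment `//If running as root drop maximum privs (do always)` is hard to parse, and the point it is trying to make is that `MinCapabilities()` is deliberately left outside the new `--enable-hardening` gate. Say that directly: `// Always shed capabilities, even with --enable-hardening=false; only the user switch and Landlock below are optional.` `runCanary` continues past the hunk.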
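Review bot: When `hardeningEnabled` is false the process keeps its current user and has no Landlock ruleset, but nothing records that, so an operator reading the logs cannot tell whether the canary is running hardened or not. Add an else branch on the new `if`: `} else { slog.Warn("hardening disabled: not dropping privileges or applying Landlock") }`. The comment `//Drop to nobody and LandLock` now sits above a conditional step and could read `//Drop to nobody and LandLock (skipped when --enable-hardening=false)`. `runCanary` continues outside the hunk.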
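Review bot: Any error from `user.Lookup` is now treated as "user not found" and the error value is dropped from the log line, so a broken NSS/passwd setup or a typo in `switchToUser` looks the same as a deliberately minimal image. At minimum keep the cause: `log.Printf("Looking up user %s failed (%v), falling back to uid/gid 65534", switchToUser, err)`; if only a genuinely missing user should be tolerated, `user.UnknownUserError` can be distinguished with `errors.As` and everything else left as `log.Fatal` (this needs `errors` imported). The two `"65534"` literals would be clearer as one named constant such as `const nobodyID = "65534"` with a comment that it is the conventional nobody/nogroup id on Linux. The fallback still switches to an unprivileged id, so it is fail-safe, but the synthesized `user.User` has empty `Username` and `HomeDir`, which matters only if code past the hunk reads them; `DropRoot` continues outside the hunk.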