diff --git a/ci/release-image/Dockerfile b/ci/release-image/Dockerfile
index defc15c9f..4dcd2bfb4 100644
--- a/ci/release-image/Dockerfile
+++ b/ci/release-image/Dockerfile
@@ -35,9 +35,10 @@ RUN ARCH="$(dpkg --print-architecture)" && \
     printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
 
 COPY release-packages/code-server*.deb /tmp/
+COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
 RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
 
 EXPOSE 8080
 USER coder
 WORKDIR /home/coder
-ENTRYPOINT ["dumb-init", "fixuid", "-q", "/usr/bin/code-server", "--bind-addr", "0.0.0.0:8080", "."]
+ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]
diff --git a/ci/release-image/entrypoint.sh b/ci/release-image/entrypoint.sh
new file mode 100755
index 000000000..6e7525ce6
--- /dev/null
+++ b/ci/release-image/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+set -eu
+
+if [ "${DOCKER_USER-}" ]; then
+  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
+  sudo usermod --login "$DOCKER_USER" \
+    --move-home --home "/home/$DOCKER_USER" \
+    coder
+  sudo groupmod -n "$DOCKER_USER" coder
+
+  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+  sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml
+  export HOME="/home/$DOCKER_USER"
+fi
+
+# This isn't set by default.
+export USER="$(whoami)"
+dumb-init fixuid -q /usr/bin/code-server "$@"