diff --git a/docker/docker-py3-kms-minimal/Dockerfile b/docker/docker-py3-kms-minimal/Dockerfile
index 4fb1f36..64204e5 100644
--- a/docker/docker-py3-kms-minimal/Dockerfile
+++ b/docker/docker-py3-kms-minimal/Dockerfile
@@ -36,11 +36,10 @@ COPY docker/start.py /usr/bin/start.py
 RUN chmod 555 /usr/bin/entrypoint.py /usr/bin/healthcheck.py /usr/bin/start.py
 # Additional permission hardening: All files read-only for the executing user
-RUN chown root: -R /home/py-kms && \
- chmod 444 -R /home/py-kms && \
- chown py-kms: /home/py-kms && \
- chmod 700 /home/py-kms && \
- find /home/py-kms -type d -print -exec chmod +x {} ';'
+RUN find /home/py-kms -type f -print -exec chmod 444 {} ';' && \
+ find /home/py-kms -type d -print -exec chmod 555 {} ';' && \
+ chown root: -R /home/py-kms && \
+ chown py-kms: /home/py-kms
 WORKDIR /home/py-kms
diff --git a/docker/docker-py3-kms/Dockerfile b/docker/docker-py3-kms/Dockerfile
index 3c9846d..4b5e387 100644
--- a/docker/docker-py3-kms/Dockerfile
+++ b/docker/docker-py3-kms/Dockerfile
@@ -42,11 +42,10 @@ COPY docker/start.py /usr/bin/start.py
 RUN chmod 555 /usr/bin/entrypoint.py /usr/bin/healthcheck.py /usr/bin/start.py
 # Additional permission hardening: All files read-only for the executing user
-RUN chown root: -R /home/py-kms && \
- chmod 444 -R /home/py-kms && \
- chown py-kms: /home/py-kms && \
- chmod 700 /home/py-kms && \
- find /home/py-kms -type d -print -exec chmod +x {} ';'
+RUN find /home/py-kms -type f -print -exec chmod 444 {} ';' && \
+ find /home/py-kms -type d -print -exec chmod 555 {} ';' && \
+ chown root: -R /home/py-kms && \
+ chown py-kms: /home/py-kms
 # Web-interface specifics
 COPY LICENSE /LICENSE
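Review bot: The closing `chown py-kms: /home/py-kms` hands the top-level directory back to the runtime user, so the 555 mode set two lines earlier does not bind that user: a directory's owner can always change its mode, and write access to a directory is what governs renaming or removing the root-owned entries directly under it. That leaves the comment "All files read-only for the executing user" true for file contents but not for the top-level layout of /home/py-kms. If the service does not need to own its home directory (not visible from this hunk), end the RUN at `chown root: -R /home/py-kms`; if it needs somewhere to write, a dedicated subdirectory or volume owned by py-kms keeps the code tree root-owned. The identical block in docker/docker-py3-kms/Dockerfile has the same gap. As a smaller point, `-exec chmod 444 {} +` without `-print` would batch the chmod calls and keep the build log short.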