diff --git a/docker-compose.yml b/docker-compose.yml
index f5330de..853ad98 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -53,15 +53,14 @@ services:
     restart: unless-stopped
     networks: 
       - vaultwarden
+    user: "70:70"
+    read_only: true
+    tmpfs:
+      - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
     security_opt:
       - no-new-privileges:true
     cap_drop:
       - ALL
-    cap_add:
-      - CHOWN
-      - DAC_READ_SEARCH
-      - SETGID
-      - SETUID
 
 volumes:
   postgres: