diff --git a/Dockerfile b/Dockerfile index bc329b3..34fae62 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,14 +4,18 @@ LABEL maintainer="carlos.alvaro@citelan.es" LABEL description="SaltStack master" LABEL version="2018.3.2" -ENV SALT_DOCKER_DIR="/etc/salt-docker" \ +ENV SALT_DOCKER_DIR="/etc/docker-salt" \ SALT_ROOT_DIR="/etc/salt" \ - SALT_USER=root + SALT_USER="salt" \ + SALT_HOME="/home/salt" ENV SALT_BUILD_DIR="${SALT_DOCKER_DIR}/build" \ - SALT_CONFS_DIR="${SALT_DOCKER_DIR}/config" \ - SALT_KEYS_DIR="${SALT_DOCKER_DIR}/keys" \ - SALT_RUNTIME_DIR="${SALT_DOCKER_DIR}/runtime" + SALT_RUNTIME_DIR="${SALT_DOCKER_DIR}/runtime" \ + SALT_DATA_DIR="${SALT_HOME}/data" + +ENV SALT_CONFS_DIR="${SALT_DATA_DIR}/config" \ + SALT_KEYS_DIR="${SALT_DATA_DIR}/keys" \ + SALT_BASE_DIR="${SALT_DATA_DIR}/srv" # Bootstrap script options: # https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html#command-line-options 
@@ -31,32 +35,39 @@ ENV DEBIAN_FRONTEND=noninteractive # Install packages RUN apt-get update RUN apt-get install --yes --quiet --no-install-recommends \ - ca-certificates apt-transport-https curl git vim python3 locales virt-what + ca-certificates apt-transport-https curl git vim python3 locales # Configure locales RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ locale-gen en_US.UTF-8 \ dpkg-reconfigure locales -EXPOSE 4505/tcp 4506/tcp -RUN mkdir -p /srv ${SALT_KEYS_DIR} ${SALT_CONFS_DIR} -VOLUME [ "/srv", "${SALT_KEYS_DIR}" "${SALT_CONFS_DIR}" ] - +# Install saltstack RUN mkdir -p ${SALT_BUILD_DIR} WORKDIR ${SALT_BUILD_DIR} RUN curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com RUN sh bootstrap-salt.sh ${SALT_BOOTSTRAP_OPTS} git ${SALT_GIT_RELEASE} -RUN apt-get clean --yes -RUN rm -rf /var/lib/apt/lists/* +# Salt user +RUN useradd -d ${SALT_HOME} -ms /bin/bash -U -G root,sudo ${SALT_USER} +RUN chown -R ${SALT_USER}: ${SALT_ROOT_DIR} + +EXPOSE 4505/tcp 4506/tcp +RUN mkdir -p ${SALT_DATA_DIR} ${SALT_BASE_DIR} ${SALT_KEYS_DIR} ${SALT_CONFS_DIR} +VOLUME [ "${SALT_BASE_DIR}" "${SALT_KEYS_DIR}" "${SALT_CONFS_DIR}" ] COPY assets/runtime ${SALT_RUNTIME_DIR} RUN chmod -R +x ${SALT_RUNTIME_DIR} +# Cleaning tasks +RUN apt-get clean --yes +RUN rm -rf /var/lib/apt/lists/* + +# Entrypoint COPY entrypoint.sh /sbin/entrypoint.sh RUN chmod +x /sbin/entrypoint.sh -WORKDIR ${SALT_DOCKER_DIR} +WORKDIR ${SALT_HOME} ENTRYPOINT [ "/sbin/entrypoint.sh" ] CMD [ "app:start" ] diff --git a/README.md b/README.md index effc7d2..8eff7a5 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ For other methods to install SaltStack please refer to the [Official SaltStack I - [Custom Recipes](#custom-recipes) - [Minion Keys](#minion-keys) - [Master Signed Keys](#master-signed-keys) + - [Host Mapping](#host-mapping) - [Available Configuration Parameters](#available-configuration-parameters) - [Usage](#usage) - [Shell Access](#shell-access) 
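Review bot: The new `RUN useradd -d ${SALT_HOME} -ms /bin/bash -U -G root,sudo ${SALT_USER}` line puts the service account into the `root` and `sudo` supplementary groups, which gives `salt` group-root access to everything owned by group root and makes the move away from `SALT_USER=root` largely cosmetic; nothing in the hunk shows why those groups are needed, so drop `-G root,sudo` and grant access to specific paths the way the following `chown -R ${SALT_USER}: ${SALT_ROOT_DIR}` line already does. The rewritten `VOLUME [ "${SALT_BASE_DIR}" "${SALT_KEYS_DIR}" "${SALT_CONFS_DIR}" ]` still has no commas between its elements, so it is not valid JSON and Docker appears to fall back to the plain-string form, in which case the literal tokens (including `[` and the quote characters) would become volume paths; write `VOLUME [ "${SALT_BASE_DIR}", "${SALT_KEYS_DIR}", "${SALT_CONFS_DIR}" ]` and confirm in the built image (`docker inspect`) that the variables are expanded in that form. The image still has no `USER` instruction, so privilege dropping presumably happens in `/sbin/entrypoint.sh`; a one-line comment above `ENTRYPOINT` saying so would help the next reader.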
@@ -73,7 +74,7 @@ But it is necessary to mount the `/srv/` volume ir order to provide your custom ### Minion Keys -Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/etc/salt-docker/keys` and copying the minion keys inside `keys/minions/` directory: +Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/home/salt/data/keys` and copying the minion keys inside `keys/minions/` directory: ```sh mkdir -p keys/minions @@ -82,8 +83,8 @@ rsync root@minion1:/etc/salt/pki/minion/minion.pub keys/minions/minion1 docker run --name salt_master -d \ --publish 4505:4505/tcp --publish 4506:4506/tcp \ --env 'SALT_LOG_LEVEL=info' \ - --volume $(pwd)/srv/:/srv/ \ - --volume $(pwd)/keys/:/etc/salt-docker/keys/ \ + --volume $(pwd)/srv/:/home/salt/data/srv/ \ + --volume $(pwd)/keys/:/home/salt/data/keys/ \ cdalvaro/saltstack-master:2018.3.2 ``` @@ -96,8 +97,8 @@ docker run --name salt_stack --detach \ --publish 4505:4505/tcp --publish 4506:4506/tcp \ --env 'SALT_LOG_LEVEL=info' \ --env 'SALT_MASTER_SIGN_PUBKEY=True' - --volume $(pwd)/srv/:/srv/ \ - --volume $(pwd)/keys/:/etc/salt-docker/keys/ \ + --volume $(pwd)/srv/:/home/salt/data/srv/ \ + --volume $(pwd)/keys/:/home/salt/data/keys/ \ cdalvaro/saltstack-master:2018.3.2 ``` 
@@ -107,12 +108,25 @@ Additionally, you can generate new keys by executing the following command: ```sh docker run --name salt_stack -it --rm \ - --volume $(pwd)/keys/:/etc/salt-docker/keys/ \ + --volume $(pwd)/keys/:/home/salt/data/keys/ \ cdalvaro/saltstack-master:2018.3.2 app:gen-signed-keys other_master_sign ``` The newly created keys will appear inside `keys/generated/other_master_sign` directory. +### Host Mapping + +Per default the container is configured to run `salt-master` as user and group `salt` with `uid` and `gid` `1000`. From the host it appears as if the mounted data volumes are owned by the host's user/group `1000` and maybe leading to unfavorable effects. + +Also the container processes seem to be executed as the host's user/group `1000`. The container can be configured to map the uid and gid of git to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to the current user and group on the host. + +```sh +docker run --name salt_stack -it --rm \ + --env "USERMAP_UID=$(id -u)" --env "USERMAP_GID=$(id -g)" \ + --volume $(pwd)/srv/:/home/salt/data/srv/ \ + cdalvaro/saltstack-master:2018.3.2 +``` + ### Available Configuration Parameters Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. 
@@ -127,12 +141,15 @@ Below is the list of available options that can be used to customize your SaltSt | `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` | | `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` | | `SALT_MASTER_PUBKEY_SIGNATURE` | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` | +| `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` | +| `USERMAP_UID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. | +| `USERMAP_GID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. | -Any parameter not listed in the above table and available in the following [link](https://docs.saltstack.com/en/latest/ref/configuration/examples.html#configuration-examples-master), can be set by creating the directory `confs` and adding into it a `.conf` file with the desired parameters: +Any parameter not listed in the above table and available in the following [link](https://docs.saltstack.com/en/latest/ref/configuration/examples.html#configuration-examples-master), can be set by creating the directory `config` and adding into it a `.conf` file with the desired parameters: ```sh -mkdir confs -cat > confs/ports.conf << EOF +mkdir config +cat > config/ports.conf << EOF # The tcp port used by the publisher: publish_port: 3505 # The port used by the communication interface. 
@@ -142,8 +159,8 @@ EOF docker run --name salt_master -d \ --publish 3505:3505/tcp --publish 3506:3506/tcp \ --env 'SALT_LOG_LEVEL=info' \ - --read-only --volume $(pwd)/srv/:/srv/ \ - --volume $(pwd)/confs/:/etc/salt-docker/confs/ \ + --read-only --volume $(pwd)/srv/:/home/salt/data/srv/ \ + --volume $(pwd)/config/:/home/salt/data/config/ \ cdalvaro/saltstack-master:2018.3.2 ``` diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh index 5367d39..5c4ad3f 100755 --- a/assets/runtime/functions.sh +++ b/assets/runtime/functions.sh @@ -3,6 +3,21 @@ set -e source ${SALT_RUNTIME_DIR}/env-defaults.sh +# Map salt user with host user +function map_uidgid() +{ + USERMAP_ORIG_UID=$(id -u ${SALT_USER}) + USERMAP_ORIG_GID=$(id -g ${SALT_USER}) + USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}} + USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID} + if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then + echo "Mapping UID and GID for ${SALT_USER}:${SALT_USER} to ${USERMAP_UID}:${USERMAP_GID}..." + groupmod -o -g ${USERMAP_GID} ${SALT_USER} + sed -i -e "s|:${USERMAP_ORIG_UID}:${USERMAP_GID}:|:${USERMAP_UID}:${USERMAP_GID}:|" /etc/passwd + find ${SALT_HOME} -path ${SALT_DATA_DIR}/\* -prune -o -print0 | xargs -0 chown -h ${SALT_USER}: + fi +} + # This function generates a master_sign key pair and its signature function gen_signed_keys() { @@ -30,30 +45,34 @@ function setup_keys() ${SALT_ROOT_DIR}/master cat >> ${SALT_ROOT_DIR}/master < - Create a master_sign key pair and its signature inside ${SALT_KEYS_DIR}/generated/" echo " app:help - Displays this help." echo " [command] - Execute the specified command, eg. bash."
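Review bot: In `map_uidgid`, `USERMAP_UID` and `USERMAP_GID` are taken from the container environment and interpolated unvalidated into a `sed -i` expression over `/etc/passwd`; the pattern `:${USERMAP_ORIG_UID}:${USERMAP_GID}:` is not anchored to `${SALT_USER}`, so any other account whose uid/gid fields happen to match is rewritten too, and a value containing `|` or other sed metacharacters silently changes or breaks the edit. Validate the values as integers and let the account tools do the edit: `[[ ${USERMAP_UID} =~ ^[0-9]+$ && ${USERMAP_GID} =~ ^[0-9]+$ ]] || { printf 'USERMAP_UID/USERMAP_GID must be numeric\n' >&2; exit 1; }`, then `groupmod -o -g "${USERMAP_GID}" "${SALT_USER}"` and `usermod -o -u "${USERMAP_UID}" -g "${USERMAP_GID}" "${SALT_USER}"` in place of the `sed` line. Because `-o` permits non-unique ids, a mapping to `0` quietly turns `salt` into a second uid-0 account; reject `0` explicitly unless that is intended. The expansions in the `groupmod`, `find` and `xargs chown` lines are unquoted and `echo` is used with interpolated data; quote them and prefer `printf '%s\n'` for the log line. The `set -e` at the top of the file does not protect the `find | xargs` pipeline, since only the `xargs` status is checked.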