diff --git a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2
index 4d4b3f396..af91b1855 100644
--- a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2
+++ b/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2
@@ -11,7 +11,8 @@ ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
 ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
 ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
 			--log-driver=none \
-			-e "UID={{ matrix_user_uid }}" -e "GID={{ matrix_user_gid }}" \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_appservice_discord_container_expose_client_server_api_port %}
 			-p 127.0.0.1:9005:9005 \