diff --git a/tor/Dockerfile b/tor/Dockerfile
index b9d94ca..9eecc3d 100644
--- a/tor/Dockerfile
+++ b/tor/Dockerfile
@@ -1,6 +1,9 @@
 FROM alpine:3.13
 
-RUN addgroup --gid 10001 tor && \
+COPY entrypoint.sh /entrypoint
+
+RUN chmod +x /entrypoint
+    addgroup --gid 10001 tor && \
     adduser \
         --uid 10000 \
         --home /var/lib/tor \
@@ -8,7 +11,7 @@ RUN addgroup --gid 10001 tor && \
         --disabled-password \
         --shell /sbin/nologin \
         tor && \
-    apk add --no-cache tor
+    apk add --no-cache tor su-exec
 
-USER tor
-CMD tor
+ENTRYPOINT ["/entrypoint"]
+CMD ["tor"]
diff --git a/tor/entrypoint.sh b/tor/entrypoint.sh
new file mode 100644
index 0000000..b7c0401
--- /dev/null
+++ b/tor/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -xe
+
+if [ -f /etc/tor/torrc ]
+then
+    awk '{if ($1 == "HiddenServiceDir") print $2}' /etc/tor/torrc | while IFS= read -r dir
+    do
+        mkdir -p "${dir}"
+        chown tor "${dir}"
+        chmod 700 "${dir}"
+    done
+fi
+
+su-exec tor "$@"