diff --git a/kube/3-deploy/2-apps/satisfactory/app/hr.yaml b/kube/3-deploy/2-apps/satisfactory/app/hr.yaml
index 6ef78016..cbd946f1 100644
--- a/kube/3-deploy/2-apps/satisfactory/app/hr.yaml
+++ b/kube/3-deploy/2-apps/satisfactory/app/hr.yaml
@@ -20,8 +20,8 @@ spec:
       repository: docker.io/wolveix/satisfactory-server
       tag: v1.4.8@sha256:56ca73cb8a64e7bedfe0b72c9490ce1d32e547a16c753ffcb7e96c8364e8c348
     podSecurityContext:
-      runAsUser: &uid ${APP_UID_SATISFACTORY}
-      runAsGroup: *uid
+      runAsUser: 0 # image uses PUID & PGID to fix permissions for Docker users, which requires starting as rootless :sadge: TODO: open issue to allow envvar to configure if rootless is allowed
+      runAsGroup: &uid ${APP_UID_SATISFACTORY}
       fsGroup: *uid
       fsGroupChangePolicy: Always
     env: