diff --git a/commands/env.cmd b/commands/env.cmd
index fe042c44..af254087 100644
--- a/commands/env.cmd
+++ b/commands/env.cmd
@@ -18,6 +18,8 @@ if [[ -f "${WARDEN_HOME_DIR}/.env" ]]; then
 fi
 export WARDEN_IMAGE_REPOSITORY="${WARDEN_IMAGE_REPOSITORY:-"docker.io/wardenenv"}"
 
+export WARDEN_DOCKER_USERNS_MODE="${WARDEN_DOCKER_USERNS_MODE:-host}"
+
 ## configure environment type defaults
 if [[ ${WARDEN_ENV_TYPE} =~ ^magento ]]; then
     export WARDEN_SVC_PHP_VARIANT=-${WARDEN_ENV_TYPE}
diff --git a/commands/svc.cmd b/commands/svc.cmd
index acec5b3e..a11c1b1e 100644
--- a/commands/svc.cmd
+++ b/commands/svc.cmd
@@ -23,8 +23,12 @@ if [[ -f "${WARDEN_HOME_DIR}/.env" ]]; then
     eval "$(grep "^WARDEN_DNSMASQ_ENABLE" "${WARDEN_HOME_DIR}/.env")"
     # Check Portainer
     eval "$(grep "^WARDEN_PORTAINER_ENABLE" "${WARDEN_HOME_DIR}/.env")"
+    # Check Docker socket
+    eval "$(grep "^WARDEN_DOCKER_SOCK" "${WARDEN_HOME_DIR}/.env")"
 fi
 
+export WARDEN_DOCKER_SOCK="${WARDEN_DOCKER_SOCK:-/var/run/docker.sock}"
+
 ## add dnsmasq docker-compose
 WARDEN_DNSMASQ_ENABLE="${WARDEN_DNSMASQ_ENABLE:-1}"
 if [[ "$WARDEN_DNSMASQ_ENABLE" == "1" ]]; then
diff --git a/docker/docker-compose.portainer.yml b/docker/docker-compose.portainer.yml
index 1a3b5f5c..0ad1da9b 100644
--- a/docker/docker-compose.portainer.yml
+++ b/docker/docker-compose.portainer.yml
@@ -4,11 +4,11 @@ services:
     container_name: portainer
     image: portainer/portainer-ce
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - ${WARDEN_DOCKER_SOCK}:/var/run/docker.sock
       - portainer:/data
     labels:
       - traefik.enable=true
       - traefik.http.routers.portainer.tls=true
       - traefik.http.routers.portainer.rule=Host(`portainer.${WARDEN_SERVICE_DOMAIN:-den.test}`)||Host(`portainer.warden.test`)
       - traefik.http.services.portainer.loadbalancer.server.port=9000
-    restart: ${WARDEN_RESTART_POLICY:-always}
\ No newline at end of file
+    restart: ${WARDEN_RESTART_POLICY:-always}
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index bc15dabd..6681de2a 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -10,7 +10,7 @@ services:
       - ${WARDEN_HOME_DIR}/etc/traefik/traefik.yml:/etc/traefik/traefik.yml
       - ${WARDEN_HOME_DIR}/etc/traefik/dynamic.yml:/etc/traefik/dynamic.yml
       - ${WARDEN_HOME_DIR}/ssl/certs:/etc/ssl/certs
-      - /var/run/docker.sock:/var/run/docker.sock
+      - ${WARDEN_DOCKER_SOCK}:/var/run/docker.sock
     labels:
       - traefik.enable=true
       - traefik.http.routers.traefik.tls=true
diff --git a/environments/includes/php-fpm.base.yml b/environments/includes/php-fpm.base.yml
index 4fc1ca6a..e968dca5 100644
--- a/environments/includes/php-fpm.base.yml
+++ b/environments/includes/php-fpm.base.yml
@@ -30,6 +30,7 @@ services:
       - CHOWN_DIR_LIST=${CHOWN_DIR_LIST:-}
     volumes: *volumes
     extra_hosts: *extra_hosts
+    userns_mode: ${WARDEN_DOCKER_USERNS_MODE:-host}
 
   php-debug:
     hostname: "${WARDEN_ENV_NAME}-php-debug"
@@ -46,6 +47,7 @@ services:
       - CHOWN_DIR_LIST=${CHOWN_DIR_LIST:-}
     volumes: *volumes
     extra_hosts: *extra_hosts
+    userns_mode: ${WARDEN_DOCKER_USERNS_MODE:-host}
     depends_on:
       - php-fpm
 volumes: