diff --git a/docs/root/start/start.rst b/docs/root/start/start.rst
index 07fea53475808..2d3e81951aff6 100644
--- a/docs/root/start/start.rst
+++ b/docs/root/start/start.rst
@@ -179,6 +179,20 @@ You can then configure ``envoy`` to log to files in ``/var/log``
 
 The default ``envoy`` ``uid`` and ``gid`` are ``101``.
 
+The ``envoy`` user also needs to have permission to access any required configuration files mounted
+into the container.
+
+If you are running in an environment with a strict ``umask`` setting, you may need to provide envoy with
+access either by setting the ``uid`` or ``gid`` of the file, or by making the configuration file readable
+by the envoy user.
+
+One method of doing this without changing any file permissions or running as root inside the container
+is to start the container with the host user's ``uid``, for example:
+
+.. substitution-code-block:: none
+
+  $ docker run -d --name envoy -e ENVOY_UID=`id -u` -p 9901:9901 -p 10000:10000 envoy:v1
+
 
 Sandboxes
 ---------