diff --git a/ansible/roles/beacon-node-builds/defaults/main.yml b/ansible/roles/beacon-node-builds/defaults/main.yml
index cb14c59..993f203 100644
--- a/ansible/roles/beacon-node-builds/defaults/main.yml
+++ b/ansible/roles/beacon-node-builds/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 beacon_node_builds_user: 'nimbus'
+beacon_node_builds_group: 'staff'
 beacon_node_builds_path: '/data/beacon-node-builds'
 beacon_node_builds_image_name: 'statusteam/nimbus_beacon_node'
diff --git a/ansible/roles/beacon-node-builds/tasks/build.yml b/ansible/roles/beacon-node-builds/tasks/build.yml
index 085f668..5061608 100644
--- a/ansible/roles/beacon-node-builds/tasks/build.yml
+++ b/ansible/roles/beacon-node-builds/tasks/build.yml
@@ -22,15 +22,15 @@
     dest: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh'
     owner: '{{ beacon_node_builds_user }}'
     group: 'adm'
-    mode: 0755
+    mode: 0775
 
 - name: '{{ item.name }} - Create Dockerfile'
   template:
     src: 'Dockerfile.j2'
     dest: '{{ beacon_node_builds_path }}/{{ item.name }}/Dockerfile'
     owner: '{{ beacon_node_builds_user }}'
-    group: 'adm'
-    mode: 0644
+    group: '{{ beacon_node_builds_group }}'
+    mode: 0664
 
 - name: '{{ item.name }} - Create .dockerignore'
   copy:
@@ -45,6 +45,7 @@
   vars:
     systemd_timer_name: 'beacon-node-build-{{ item.name }}'
     systemd_timer_user: '{{ beacon_node_builds_user }}'
+    systemd_timer_service_group: '{{ beacon_node_builds_group }}'
     systemd_timer_description: 'Docker image build for Nimbus beacon node'
     systemd_timer_requires_extra: 'docker.service'
     systemd_timer_start_on_creation: false
diff --git a/ansible/roles/beacon-node-builds/tasks/user.yml b/ansible/roles/beacon-node-builds/tasks/user.yml
index daf6d08..5fb313e 100644
--- a/ansible/roles/beacon-node-builds/tasks/user.yml
+++ b/ansible/roles/beacon-node-builds/tasks/user.yml
@@ -2,7 +2,7 @@
 - name: Create user for beacon node builds
   user:
     name: '{{ beacon_node_builds_user }}'
-    group: 'adm'
+    group: '{{ beacon_node_builds_group }}'
     groups: ['docker']
     shell: '/bin/zsh'
 
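Review bot: Defaulting `beacon_node_builds_group` to `staff` hands a pre-existing, general-purpose system group everything the rest of this commit attaches to the group: write access to the Dockerfile and NOPASSWD sudo over the build units. On Debian-based hosts, which the `adm` group and the `/etc/sudoers.d` layout suggest, `staff` already exists and already owns `/usr/local`, so anyone who is in it for unrelated reasons inherits those grants without anyone consciously adding them. A group created by this role, e.g. `beacon_node_builds_group: 'nimbus-builds'` with a `group:` task ahead of the user task, keeps the grant scoped to the people who actually run builds. If reusing `staff` is deliberate, say so next to the default: `# Members may edit the build inputs and sudo-start the build units; keep this group small.`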
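Review bot: `build.sh` becomes group-writable (`mode: 0775`) but keeps `group: 'adm'`, while the Dockerfile in the same hunk moves to `{{ beacon_node_builds_group }}`; one of the two looks unintended, since the commit otherwise replaces `adm` with the new variable everywhere. Whichever group ends up with it, a group-writable script executed by the build service lets every member run arbitrary commands as `{{ beacon_node_builds_user }}`, and that user is in `docker` per tasks/user.yml, which on a stock Docker install is root-equivalent on the host, so this trust should be stated in a comment above the task if it is intended. I would change the two lines to `group: '{{ beacon_node_builds_group }}'` and `mode: '0775'` if group write is wanted, or keep `mode: 0755` otherwise; quoting the mode also avoids the unquoted-octal footgun the Ansible docs warn about. The task's `- name:`/`template:` lines are above the hunk.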
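Review bot: Switching the primary group of an already-existing `nimbus` user only rewrites its passwd entry; the `user` module does not re-group files the user created earlier, so build directories, logs and anything else under `{{ beacon_node_builds_path }}` that was created while the group was `adm` keep `adm` after a re-run and the two groups coexist. If the build tree is meant to be group-owned by the new group, follow this task with `file: path: '{{ beacon_node_builds_path }}', state: directory, group: '{{ beacon_node_builds_group }}', recurse: true`, or add a comment stating that existing files are intentionally left alone. Note also that the primary group now decides the group of every file the build writes, which is presumably the reason for the change and is worth one line of explanation in the task name or a comment.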
@@ -18,3 +18,9 @@
     username: '{{ beacon_node_builds_docker_hub_user | mandatory }}'
     password: '{{ beacon_node_builds_docker_hub_token | mandatory }}'
   become_user: '{{ beacon_node_builds_user }}'
+
+- name: Sudoers file to let non-root users start jobs
+  template:
+    src: 'builds_sudoers.j2'
+    dest: '/etc/sudoers.d/80-beacon-node-builds'
+    mode: 0440
diff --git a/ansible/roles/beacon-node-builds/templates/builds_sudoers.j2 b/ansible/roles/beacon-node-builds/templates/builds_sudoers.j2
new file mode 100644
index 0000000..8d21d6b
--- /dev/null
+++ b/ansible/roles/beacon-node-builds/templates/builds_sudoers.j2
@@ -0,0 +1,10 @@
+# Allow non-root users start Nimbus builds with sudo.
+
+{% for service in beacon_node_builds_branches %}
+# {{ service.name }}
+%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *status beacon-node-build-{{ service.name }}[.service]
+%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *start beacon-node-build-{{ service.name }}[.service]
+%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop beacon-node-build-{{ service.name }}[.service]
+%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart beacon-node-build-{{ service.name }}[.service]
+
+{% endfor %}
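Review bot: The sudoers drop-in is written without `validate:`, so a rendering that sudo's parser rejects (for example a `service.name` containing a character sudoers does not accept) breaks every `sudo` on the host at once, including the one Ansible would need to repair it. Add `validate: '/usr/sbin/visudo -cf %s'` to the template task so a bad render fails the play instead of landing in `/etc/sudoers.d`. The task also leaves owner and group to whatever the connection user is; sudo checks ownership of drop-ins, so pin `owner: 'root'` and `group: 'root'` explicitly rather than relying on the play's become settings, which are outside this hunk.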
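Review bot: The `[.service]` suffix on every rule is a sudoers bracket expression, a class matching exactly one of the characters `.`, `s`, `e`, `r`, `v`, `i`, `c`, not an optional `.service`, so neither `sudo systemctl start beacon-node-build-foo` nor `sudo systemctl start beacon-node-build-foo.service` matches and the file grants nothing it says it grants. The leading `*` is the other problem: sudoers wildcards match across spaces, so `*status` admits any extra options, and `sudo systemctl status` on its own is a well-known root escalation because the root-owned pager (`less`) lets the caller type `!sh`; status of a system unit does not normally need root at all, and if it is kept it should be pinned with `--no-pager`. I would spell the verbs and the full unit name out, without wildcards, as below; if the short unit name must also work, add a second line per verb without the `.service` suffix.
```jinja
{# … unchanged: header comment … #}
{% for service in beacon_node_builds_branches %}
# {{ service.name }}
{% for verb in ['start', 'stop', 'restart'] %}
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl {{ verb }} beacon-node-build-{{ service.name }}.service
{% endfor %}
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl --no-pager status beacon-node-build-{{ service.name }}.service

{% endfor %}
```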