diff --git a/Dockerfile b/Dockerfile
index 700100d..43a49c9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,10 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
 PIP_NO_CACHE_DIR=1 \
 PIP_DISABLE_PIP_VERSION_CHECK=1
 
+# Install gosu for stepping down from root
+RUN apt-get update && apt-get install -y --no-install-recommends gosu \
+ && rm -rf /var/lib/apt/lists/*
+
 # Create non-root user
 RUN groupadd -r mcp && useradd -r -g mcp mcp
 
@@ -19,12 +23,13 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy application code
 COPY src/ ./src/
 
+# Copy entrypoint script
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
 # Create data directory for SQLite
 RUN mkdir -p /data && chown -R mcp:mcp /data /app
 
-# Switch to non-root user
-USER mcp
-
 # Expose port
 EXPOSE 8000
 
@@ -32,5 +37,6 @@ EXPOSE 8000
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
 CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/mcp')" || exit 1
 
-# Run the server
-CMD ["python", "src/server.py"]
+# Use entrypoint to fix permissions, then run as mcp user
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["gosu", "mcp", "python", "src/server.py"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..ba1b506
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+# Ensure /data directory exists and is writable
+# This handles the case where a Docker volume is mounted with root ownership
+if [ ! -w /data ]; then
+ echo "Warning: /data not writable, attempting to fix permissions..."
+ # This will only work if running as root
+ chown -R mcp:mcp /data 2>/dev/null || true
+fi
+
+# Create the data directory if it doesn't exist
+mkdir -p /data 2>/dev/null || true
+
+exec "$@"
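Review bot: Removing `USER mcp` in the second Dockerfile hunk makes root the image's default user, and the privilege drop now lives only in the overridable `CMD ["gosu", "mcp", ...]` of the third hunk, so `docker run image <anything>` or a compose `command:` override executes as root, and the unchanged HEALTHCHECK command (which Docker runs as the image user) now runs as root on every probe. The drop belongs in the entrypoint, which is the part that survives a CMD override: change the CMD back to `CMD ["python", "src/server.py"]` and have `/entrypoint.sh` end with `exec gosu mcp "$@"` whenever it finds itself running as root. The comment `# Use entrypoint to fix permissions, then run as mcp user` is also inaccurate as written, since the entrypoint in this commit never switches user; either reword it to `# Entrypoint fixes /data ownership as root; gosu in CMD drops to mcp` or make it true by moving the gosu call into the script. The same point applies to the entrypoint.sh hunk below.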
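Review bot: The writability test `if [ ! -w /data ]` is evaluated as root (the container no longer has a `USER` line), and `test -w` as root succeeds for any existing directory on a writable mount regardless of its owner, so for a root-owned volume the branch is skipped, the `chown` never runs, and the mcp process fails later with a less obvious error; the test must be done as the target user or replaced by an unconditional re-own when running as root. The `mkdir -p /data` also comes after the check, so a missing /data is created root-owned and never repaired, and `2>/dev/null || true` on the `chown` hides exactly the failure the script is meant to surface. Below is a rewrite that fixes the order, tests writability as mcp, reports to stderr, and performs the privilege drop itself; it assumes the Dockerfile CMD is changed to plain `["python", "src/server.py"]` so gosu is not invoked twice. `chown -R` over a large volume will still run on every start; if that matters, restrict it to the top-level directory and let the application create its own files.
```shell
#!/bin/sh
set -eu

# Only root can repair ownership; when started as root, fix /data, then drop to mcp.
if [ "$(id -u)" -eq 0 ]; then
  mkdir -p /data
  # Check writability as mcp, not root: root passes 'test -w' on any writable mount.
  if ! gosu mcp test -w /data; then
    echo "entrypoint: /data not writable by mcp, fixing ownership" >&2
    chown -R mcp:mcp /data
  fi
  exec gosu mcp "$@"
fi

# Already unprivileged (e.g. started with --user): nothing to repair.
exec "$@"
```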