diff --git a/Dockerfile b/Dockerfile
index 2647a110..5e9d6a4b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -83,7 +83,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     python3-pyfuse3=${PYFUSE3_VERSION} \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
-    && mkdir -p /app/data
+    && mkdir -p /app/data /cache \
+    && chmod 1777 /cache
 
 COPY --from=builder /opt/venv /opt/venv
 
diff --git a/README.md b/README.md
index 19ce4d78..be8e9ce7 100644
--- a/README.md
+++ b/README.md
@@ -53,8 +53,11 @@ Borgitory is a comprehensive web-based management interface for BorgBackup repos
        image: mlapaglia/borgitory:latest
        ports:
          - "8000:8000"
+       # Optional: run as your host user to avoid root-owned files (set UID/GID first)
+       # user: "${UID}:${GID}"
        volumes:
          - ./data:/app/data # database and encryption key location
+         - ./cache:/cache # borg cache/config/security directories
          - /path/to/backup/sources:/sources:ro
          - /path/to/any/backup/repos:/repos:ro
        cap_add:
@@ -68,6 +71,9 @@ Borgitory is a comprehensive web-based management interface for BorgBackup repos
    docker-compose up -d
    ```
 
+   When running with a non-root container user, ensure mounted directories are writable by that user.
+   On Linux you can set these variables with `export UID; export GID=$(id -g)` before starting Compose.
+
 2. **Access the web interface**
    - Open <http://localhost:8000> in your browser
    - Create your first admin account on initial setup
diff --git a/start.sh b/start.sh
index 4eacf11e..8c7f40b2 100644
--- a/start.sh
+++ b/start.sh
@@ -1,10 +1,33 @@
 #!/bin/bash
 
-echo "🚀 Starting Borgitory with HTTP on port 8000"
+ensure_writable_dir() {
+    mkdir -p "$1" 2>/dev/null && [ -d "$1" ] && [ -w "$1" ] && [ -x "$1" ]
+}
+
+echo "Starting Borgitory with HTTP on port 8000"
+
+if [ -z "${HOME}" ]; then
+    echo "ERROR: HOME is not set. Set HOME to a writable directory for Borg runtime files."
+    exit 1
+fi
+
+if ! ensure_writable_dir "${HOME}"; then
+    echo "ERROR: HOME=${HOME} is not writable. Set HOME to a writable directory."
+    exit 1
+fi
+
+if [ -z "${BORG_BASE_DIR}" ]; then
+    export BORG_BASE_DIR="/cache/borg"
+fi
+
+if ! ensure_writable_dir "${BORG_BASE_DIR}"; then
+    echo "ERROR: BORG_BASE_DIR=${BORG_BASE_DIR} is not writable. Set BORG_BASE_DIR to a writable directory."
+    exit 1
+fi
 
 if [ "$BORGITORY_DEBUG" = "true" ]; then
-    echo "🐛 Debug mode: Debugger listening on port 5678"
-    python -m debugpy --listen 0.0.0.0:5678 --wait-for-client -m borgitory.cli serve --host 0.0.0.0 --port 8000
+    echo "Debug mode: Debugger listening on port 5678"
+    exec python -m debugpy --listen 0.0.0.0:5678 --wait-for-client -m borgitory.cli serve --host 0.0.0.0 --port 8000
 else
     exec borgitory serve --host 0.0.0.0 --port 8000
 fi
\ No newline at end of file