diff --git a/services/ml/Dockerfile b/services/ml/Dockerfile
index 76f737c..2e3467f 100644
--- a/services/ml/Dockerfile
+++ b/services/ml/Dockerfile
@@ -6,6 +6,7 @@ RUN apt-get update && apt-get install -y \
 wget \
 curl \
 libpq-dev \
+ gosu \
 && rm -rf /var/lib/apt/lists/*
 
 RUN wget https://github.com/ta-lib/ta-lib/releases/download/v0.6.4/ta-lib_0.6.4_amd64.deb \
@@ -25,6 +26,10 @@ RUN pip install --no-cache-dir --upgrade pip && \
 # Copy application code
 COPY . .
 
+# Entrypoint to fix volume permissions before dropping privileges
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
 # Expose port for FastAPI
 EXPOSE 8001
 
@@ -33,8 +38,9 @@ RUN useradd -r -s /bin/false appuser && \
 mkdir -p /app/data/raw /app/data/processed && \
 chown -R appuser:appuser /app
 
-# Switch to non-root user
-USER appuser
+# Run as root to fix volume permissions, then drop to appuser in entrypoint
+USER root
 
 # Run the inference server by default
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8001"]
diff --git a/services/ml/entrypoint.sh b/services/ml/entrypoint.sh
new file mode 100644
index 0000000..a39ca32
--- /dev/null
+++ b/services/ml/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eu
+
+# Fix permissions on mounted volumes so the non-root user can write.
+# If the volume is root-owned (common on first run), chown it once.
+if [ -d /app/data ]; then
+ chown -R appuser:appuser /app/data || true
+fi
+if [ -d /app/mlruns ]; then
+ chown -R appuser:appuser /app/mlruns || true
+fi
+
+exec gosu appuser "$@"
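Review bot: The separate `RUN chmod +x /entrypoint.sh` in the second hunk adds a layer only to set a mode bit; if the build runs under BuildKit (not visible here), `COPY --chmod=0755 entrypoint.sh /entrypoint.sh` does the same in one step. If plain `docker build` without BuildKit must keep working, the current form is fine and a one-line comment saying why the chmod is separate would stop the next reader from folding it.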
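Review bot: `USER root` in the third hunk moves the privilege drop out of the image and into the entrypoint, so the non-root guarantee now holds only when `/entrypoint.sh` actually runs; a `--entrypoint` override, `docker exec`, or a `--user`-less debug session lands in the container as root, which the old `USER appuser` prevented. The Dockerfile comment should state this trade-off explicitly, e.g. `# NOTE: privilege drop happens in /entrypoint.sh via gosu; overriding the entrypoint or exec-ing into the container runs as root`, so operators do not assume the image is non-root by construction. If the volume ownership can instead be fixed at the orchestration layer (init container, `--user` with matching host uid), keeping `USER appuser` would be the smaller attack surface, but that depends on the deployment, which this diff does not show.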
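Review bot: The comment in entrypoint.sh says the volume is chowned "once", but both `chown -R` calls run unconditionally on every container start, which walks the whole volume each time and, on a host bind mount, rewrites ownership of every host file under it even when nothing needs changing. Guard on the directory's current owner and only recurse when it is not already appuser; the `|| true` should also at least report the failure on stderr rather than hiding it. `stat -c %U` is GNU coreutils, which the Debian-style `apt-get` lines suggest is available — confirm if the base image ever changes.
```sh
# Chown a mounted directory only when its top-level owner is not appuser,
# so a large, already-correct volume is not rewritten on every start.
fix_owner() {
    dir=$1
    [ -d "$dir" ] || return 0
    if [ "$(stat -c %U "$dir")" != "appuser" ]; then
        chown -R appuser:appuser "$dir" \
            || printf 'entrypoint: could not chown %s\n' "$dir" >&2
    fi
}

fix_owner /app/data
fix_owner /app/mlruns

# … unchanged: exec gosu appuser "$@" …
```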