diff --git a/Dockerfile b/Dockerfile
index 117ef90..a8ceaae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,5 +7,8 @@ COPY scripts/ /opt/scripts/
 COPY entrypoint.sh /entrypoint.sh
 
 RUN chmod +x /entrypoint.sh /opt/scripts/*.sh
+RUN mkdir /workspace
+# set read,write,execute permissions for everyone, in case we don't wnat to run as root later.
+RUN chmod -R 777 /workspace /entrypoint.sh /opt/scripts
 
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/nzp b/nzp
index efceb21..30ca452 100755
--- a/nzp
+++ b/nzp
@@ -15,8 +15,15 @@ fi
 
 # Detect first-time setup and pull repos if needed
 if [ ! -d "$TOOLBOX_ROOT/repos" ] || ! compgen -G "$TOOLBOX_ROOT/repos/*/.git" > /dev/null; then
+    # create missing folders explicitly, else Docker would create them with root as owner
+    mkdir "$TOOLBOX_ROOT/repos"
+    if [ ! -d "$TOOLBOX_ROOT/python_envs" ]; then
+        mkdir "$TOOLBOX_ROOT/python_envs"
+    fi
+
     echo "[INFO] Pulling repositories for first time use..."
     docker run --platform=linux/amd64 --rm -i \
+        -u $(id -u):$(id -g) \
         -v "$TOOLBOX_ROOT/config":/workspace/config \
         -v "$TOOLBOX_ROOT/repos":/workspace/repos \
         -v "$TOOLBOX_ROOT/python_envs":/workspace/python_envs \
@@ -26,8 +33,9 @@ fi
 
 # Run container with mounts and pass our arguments
 docker run --platform=linux/amd64 --rm -i \
+    -u $(id -u):$(id -g) \
     -v "$TOOLBOX_ROOT/config":/workspace/config \
     -v "$TOOLBOX_ROOT/repos":/workspace/repos \
     -v "$TOOLBOX_ROOT/python_envs":/workspace/python_envs \
     "$IMAGE_NAME" \
-    "$@"
\ No newline at end of file
+    "$@"