diff --git a/Dockerfile b/Dockerfile
index b62b672..d1ce84c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,9 +37,11 @@ RUN git config --global --add safe.directory /var/www/html \
 # Configure Apache
 COPY apache.conf /etc/apache2/sites-available/000-default.conf
-# Set permissions
-RUN chown -R www-data:www-data /var/www/html \
- && chmod -R 755 /var/www/html/public
+# Set permissions and create writable directories
+RUN mkdir -p /var/www/html/backups /var/www/html/logs \
+ && chown -R www-data:www-data /var/www/html \
+ && chmod -R 755 /var/www/html/public \
+ && chmod 775 /var/www/html/backups /var/www/html/logs
 # Setup cron jobs
 RUN echo "0 * * * * www-data cd /var/www/html && /usr/local/bin/php bin/check_expired_clients.php >> /var/log/cron.log 2>&1" > /etc/cron.d/amnezia-cron \
@@ -59,6 +61,10 @@ RUN chmod +x /var/www/html/bin/monitor_metrics.sh
 # Create startup script
 RUN echo '#!/bin/bash\n\
 service cron start\n\
+# Ensure writable directories exist with correct ownership\n\
+mkdir -p /var/www/html/backups /var/www/html/logs\n\
+chown www-data:www-data /var/www/html/backups /var/www/html/logs\n\
+chmod 775 /var/www/html/backups /var/www/html/logs\n\
 # Ensure www-data can talk to host docker socket if mounted\n\
 if [ -S /var/run/docker.sock ]; then\n\
 SOCK_GID=$(stat -c %g /var/run/docker.sock)\n\
diff --git a/inc/VpnServer.php b/inc/VpnServer.php
index 587f91b..b19e022 100644
--- a/inc/VpnServer.php
+++ b/inc/VpnServer.php
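Review bot: `chmod 775 /var/www/html/backups /var/www/html/logs` at the end of the permissions RUN leaves both directories readable and traversable by every account in the container, and the startup-script hunk repeats the same mode (as do the `0775` calls in inc/VpnServer.php). If the backups hold VPN server configuration or key material, which the surrounding code suggests but this diff does not show, `chmod 770 /var/www/html/backups /var/www/html/logs` keeps owner and group write access while dropping access for others. Both directories also sit under /var/www/html; whether Apache can serve them depends on the DocumentRoot in apache.conf, which is not visible here, so it is worth confirming that only /var/www/html/public is exposed.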
@@ -811,9 +811,24 @@ BASH;
 $backupDir = '/var/www/html/backups';
 $backupPath = $backupDir . '/' . $backupName;
- // Create backups directory if not exists
+ // Create backups directory if not exists and ensure www-data can write
 if (!is_dir($backupDir)) {
- mkdir($backupDir, 0755, true);
+ if (!@mkdir($backupDir, 0775, true)) {
+ throw new Exception('Cannot create backups directory: ' . $backupDir);
+ }
+ }
+
+ // Fix permissions if directory is not writable (e.g. created by root during install)
+ if (!is_writable($backupDir)) {
+ @chmod($backupDir, 0775);
+ // If still not writable, try shell chown (may work if running as root or via sudo)
+ if (!is_writable($backupDir)) {
+ @shell_exec('chown www-data:www-data ' . escapeshellarg($backupDir) . ' 2>/dev/null');
+ @chmod($backupDir, 0775);
+ }
+ if (!is_writable($backupDir)) {
+ throw new Exception('Backups directory is not writable by www-data. Run: chown www-data:www-data ' . $backupDir);
+ }
 }
 try {
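Review bot: The `@shell_exec('chown www-data:www-data ' ...)` fallback inside the new `is_writable` block is unlikely to ever help and is best removed: an unprivileged www-data process cannot chown a directory owned by root, a process running as root would normally already pass `is_writable()`, and the command never calls sudo although the comment mentions it. `$backupDir` is a fixed string passed through `escapeshellarg()`, so this is not an injection problem, but it is a shell invocation from what appears to be web application code, and its outcome is silently discarded. If an ownership fix is wanted, PHP's built-in `@chown($backupDir, 'www-data');` does it without a shell; otherwise go straight to the final exception and append `error_get_last()['message'] ?? ''` so the reason hidden by `@` is not lost. The enclosing method begins and ends outside this hunk.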