diff --git a/roles/loki/tasks/main.yml b/roles/loki/tasks/main.yml
index d50e740..334a48e 100644
--- a/roles/loki/tasks/main.yml
+++ b/roles/loki/tasks/main.yml
@@ -17,6 +17,19 @@
     - "{{ promtail_config_dir }}"
   become: yes
 
+- name: Create Loki internal directories with correct permissions
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+    owner: "10001"
+    group: "10001"
+  loop:
+    - "{{ loki_data_dir }}/chunks"
+    - "{{ loki_data_dir }}/rules" 
+    - "{{ loki_data_dir }}/boltdb-shipper-compactor"
+  become: yes
+
 - name: Deploy Loki configuration
   template:
     src: loki-config.yml.j2
diff --git a/roles/loki/templates/docker-compose.yml.j2 b/roles/loki/templates/docker-compose.yml.j2
index f13baa4..b8ce4e0 100644
--- a/roles/loki/templates/docker-compose.yml.j2
+++ b/roles/loki/templates/docker-compose.yml.j2
@@ -3,6 +3,7 @@ services:
     image: grafana/loki:{{ loki_version }}
     container_name: loki
     restart: unless-stopped
+    user: "10001:10001"
     ports:
       - "{{ loki_port }}:3100"
     command: -config.file=/etc/loki/loki-config.yml
@@ -21,6 +22,7 @@ services:
     image: grafana/promtail:{{ loki_version }}
     container_name: promtail
     restart: unless-stopped
+    user: "0"  # root для доступа к системным логам
     command: -config.file=/etc/promtail/promtail-config.yml
     volumes:
       - "{{ promtail_config_dir }}:/etc/promtail"