diff --git a/init.sh/init.sh b/init.sh/init.sh
new file mode 100644
index 0000000..7dd5e76
--- /dev/null
+++ b/init.sh/init.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Configure user and group IDs
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+echo "[init] Setting up user nbxyz with PUID=${PUID} and PGID=${PGID}"
+
+if ! getent group ${PGID} > /dev/null 2>&1; then
+    addgroup --gid ${PGID} tftp
+else
+    echo "[init] Group with GID ${PGID} already exists"
+fi
+
+if ! getent passwd ${PUID} > /dev/null 2>&1; then
+    adduser -u ${PUID} -G tftp -h /tftp -s /bin/false -D tftp
+else
+    echo "[init] User with UID ${PUID} already exists"
+fi
+
+usermod -a -G users tftp 2>/dev/null || true
+
+chown -R nbxyz:nbxyz /tftp
+chmod -R 7777 -R /tftp
\ No newline at end of file
diff --git a/init.sh/start.sh b/init.sh/start.sh
new file mode 100644
index 0000000..bf28f6f
--- /dev/null
+++ b/init.sh/start.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Init File
+/init.sh
+
+# Wrapper script for dnsmasq to ensure TFTP logs are visible in docker logs
+echo "[dnsmasq] Starting TFTP server on port 69"
+echo "[dnsmasq] TFTP root: /config/menus"
+echo "[dnsmasq] TFTP security: enabled"
+echo "[dnsmasq] Logging: enabled (dhcp and queries)"
+
+# Start dnsmasq as root to bind to port 69, then drop privileges to tftp
+exec /usr/sbin/dnsmasq --port=0 --keep-in-foreground --enable-tftp --user=tftp --tftp-secure --tftp-root=/tftp --log-facility=- --log-dhcp --log-queries "$@"
\ No newline at end of file