diff --git a/internal/engine/docker.go b/internal/engine/docker.go
index 5be35f2..216e67b 100644
--- a/internal/engine/docker.go
+++ b/internal/engine/docker.go
@@ -42,7 +42,7 @@ func NewDocker(cfg *config.Config, sandbox, command string) Engine {
 // Exec executes the command and returns the output.
 func (e *Docker) Exec(req Request) Execution {
 	// all steps operate in the same temp directory
-	dir, err := os.MkdirTemp("", "")
+	dir, err := fileio.MkdirTemp(0777)
 	if err != nil {
 		err = NewExecutionError("create temp dir", err)
 		return Fail(req.ID, err)
diff --git a/internal/fileio/fileio.go b/internal/fileio/fileio.go
index 9c686be..f04b09a 100644
--- a/internal/fileio/fileio.go
+++ b/internal/fileio/fileio.go
@@ -78,3 +78,18 @@ func WriteFile(path, content string, perm fs.FileMode) (err error) {
 	}
 	return os.WriteFile(path, data, perm)
 }
+
+// MkdirTemp creates a new temporary directory with given permissions
+// and returns the pathname of the new directory.
+func MkdirTemp(perm fs.FileMode) (string, error) {
+	dir, err := os.MkdirTemp("", "")
+	if err != nil {
+		return "", err
+	}
+	err = os.Chmod(dir, perm)
+	if err != nil {
+		os.Remove(dir)
+		return "", err
+	}
+	return dir, nil
+}
diff --git a/internal/fileio/fileio_test.go b/internal/fileio/fileio_test.go
index 4eeb953..bfef134 100644
--- a/internal/fileio/fileio_test.go
+++ b/internal/fileio/fileio_test.go
@@ -128,7 +128,7 @@ func TestWriteFile(t *testing.T) {
 	})
 
 	t.Run("perm", func(t *testing.T) {
-		const perm = fs.FileMode(0444)
+		const perm = 0444
 		path := filepath.Join(dir, "perm.txt")
 		err = WriteFile(path, "hello", perm)
 		if err != nil {
@@ -138,8 +138,8 @@ func TestWriteFile(t *testing.T) {
 		if err != nil {
 			t.Fatalf("file not created: %s", err)
 		}
-		if fileInfo.Mode() != perm {
-			t.Errorf("unexpected file permissions: got %v, want %v", fileInfo.Mode(), perm)
+		if fileInfo.Mode().Perm() != perm {
+			t.Errorf("unexpected file permissions: expected %o, got %o", perm, fileInfo.Mode().Perm())
 		}
 	})
 
@@ -159,3 +159,39 @@ func TestWriteFile(t *testing.T) {
 		}
 	})
 }
+
+func TestMkdirTemp(t *testing.T) {
+	t.Run("default permissions", func(t *testing.T) {
+		const perm = 0755
+		dir, err := MkdirTemp(perm)
+		if err != nil {
+			t.Fatalf("failed to create temp directory: %v", err)
+		}
+		defer os.Remove(dir)
+
+		info, err := os.Stat(dir)
+		if err != nil {
+			t.Fatalf("failed to stat temp directory: %v", err)
+		}
+		if info.Mode().Perm() != perm {
+			t.Errorf("unexpected permissions: expected %o, got %o", perm, info.Mode().Perm())
+		}
+	})
+
+	t.Run("non-default permissions", func(t *testing.T) {
+		const perm = 0777
+		dir, err := MkdirTemp(perm)
+		if err != nil {
+			t.Fatalf("failed to create temp directory: %v", err)
+		}
+		defer os.Remove(dir)
+
+		info, err := os.Stat(dir)
+		if err != nil {
+			t.Fatalf("failed to stat temp directory: %v", err)
+		}
+		if info.Mode().Perm() != perm {
+			t.Errorf("unexpected permissions: expected %o, got %o", perm, info.Mode().Perm())
+		}
+	})
+}