diff --git a/nanolayer/installers/devcontainer_feature/oci_feature_installer.py b/nanolayer/installers/devcontainer_feature/oci_feature_installer.py
index a9a6df9e..c760dc6a 100644
--- a/nanolayer/installers/devcontainer_feature/oci_feature_installer.py
+++ b/nanolayer/installers/devcontainer_feature/oci_feature_installer.py
@@ -11,6 +11,7 @@
 )
 from nanolayer.installers.devcontainer_feature.oci_feature import OCIFeature
 from nanolayer.utils.invoker import Invoker
+from nanolayer.utils.linux_information_desk import LinuxInformationDesk
 from nanolayer.utils.settings import (
     ENV_CLI_LOCATION,
     ENV_FORCE_CLI_INSTALLATION,
@@ -26,6 +27,9 @@ class OCIFeatureInstaller:
     class FeatureInstallationException(Exception):
         pass
 
+    class NoPremissions(PermissionError):
+        pass
+
     _ORDERED_BASE_REMOTE_USERS = ("vscode", "node", "codespace")
     _FALLBACK_USER_ID_A = (
         1000  # user 1000 (mostly the base user of the contianer eg. "ubuntu" etc)
@@ -48,6 +52,11 @@ def install(
         remote_user: Optional[str] = None,
         verbose: bool = False,
     ) -> None:
+        if not LinuxInformationDesk.has_root_privileges():
+            raise cls.NoPremissions(
+                "Installer must be run as root. Use sudo, su, or add 'USER root' to your Dockerfile before running this command."
+            )
+
         if options is None:
             options = {}