diff --git a/tasks/auth.yml b/tasks/auth.yml
index 0d170de..15da723 100644
--- a/tasks/auth.yml
+++ b/tasks/auth.yml
@@ -4,6 +4,7 @@
       copy:
         src: /etc/mongod.conf
         dest: /etc/mongod.conf.bak
+        mode: 0640
         remote_src: True
       changed_when: False
 
@@ -11,7 +12,7 @@
       template:
         src: etc/mongod_init.conf.j2
         dest: /etc/mongod.conf
-        mode: 0644
+        mode: 0640
       changed_when: False
 
     - name: Restart service to disable auth
@@ -35,6 +36,7 @@
       copy:
         src: /etc/mongod.conf.bak
         dest: /etc/mongod.conf
+        mode: 0640
         remote_src: True
       changed_when: False
 
diff --git a/tasks/install.yml b/tasks/install.yml
index 0668f90..e125d2b 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -36,6 +36,7 @@
         path: "{{ mongodb_storage_dbpath }}"
         owner: "{{ mongodb_system_user }}"
         group: "{{ mongodb_system_group }}"
+        mode: 0750
         selevel: s0
         serole: object_r
         setype: mongod_var_lib_t