diff --git a/krypton.yml b/krypton.yml
index 8d6ea22..9d2a55d 100644
--- a/krypton.yml
+++ b/krypton.yml
@@ -42,13 +42,14 @@
 
     - name: Ensure openLDAP directories are present.
       file:
-        path: "{{ item }}"
+        path: "{{ item.path }}"
+        mode: "0755"
         state: directory
       with_items:
-        - "{{ openldap_data }}/ldap"
-        - "{{ openldap_data }}/slapd"
-        - "{{ openldap_data }}/ldif"
-        - "{{ dehydrated_certs_dir }}/{{ openldap_domain }}"
+        - path: "{{ openldap_data }}/ldap"
+        - path: "{{ openldap_data }}/slapd"
+        - path: "{{ openldap_data }}/ldif"
+        - path: "{{ dehydrated_certs_dir }}/{{ openldap_domain }}"
 
     - name: Ensure container for openLDAP is running.
       docker_container:
diff --git a/pottwal.yml b/pottwal.yml
index 2298afb..e3100cf 100644
--- a/pottwal.yml
+++ b/pottwal.yml
@@ -202,11 +202,14 @@
 
     - name: Ensure the hedgedoc directories exist
       file:
-        path: "{{ item }}"
+        path: "{{ item.path }}"
+        mode: "{{ item.mode }}"
         state: directory
       with_items:
-        - "{{ data_dir }}/hedgedoc/data/database"
-        - "{{ data_dir }}/hedgedoc/data/uploads"
+        - path: "{{ data_dir }}/hedgedoc/data/database"
+          mode: "0700"
+        - path: "{{ data_dir }}/hedgedoc/data/uploads"
+          mode: "0755"
 
     - name: Setup docker network
       docker_network:
@@ -267,6 +270,7 @@
     - name: Ensure the influxdb directories exist
       file:
         path: "{{ item }}"
+        mode: 0700
         state: directory
       with_items:
         - "{{ data_dir }}/influxdb"
@@ -362,9 +366,10 @@
     - name: Ensure the uptime-kuma directories exist
       file:
         path: "{{ item }}"
+        mode: "0755"
         state: directory
       with_items:
-        - "{{ data_dir }}/uptimekuma"
+        - "{{ data_dir }}/uptime-kuma"
 
     - name: Ensure container for uptime-kuma is running
       docker_container:
diff --git a/radon.yml b/radon.yml
index e614615..33f9e13 100644
--- a/radon.yml
+++ b/radon.yml
@@ -42,6 +42,7 @@
     - name: Ensure the mosquitto directories exist
       file:
         path: "{{ item }}"
+        mode: 0755
         state: directory
       with_items:
         - "{{ mosquitto_data }}/config"
@@ -52,6 +53,7 @@
       template:
         src: "templates/mosquitto.conf.j2"
         dest: "{{ mosquitto_data }}/config/mosquitto.conf"
+        mode: 0644
       notify: restart mosquitto
 
     - name: Ensure mosquitto is running
diff --git a/roles/docker_setup/tasks/main.yml b/roles/docker_setup/tasks/main.yml
index 98cfde5..8f946fb 100644
--- a/roles/docker_setup/tasks/main.yml
+++ b/roles/docker_setup/tasks/main.yml
@@ -52,6 +52,7 @@
   template:
     src: templates/daemon.json.j2
     dest: /etc/docker/daemon.json
+    mode: "0644"
   notify: restart docker
 
 - name: Check current docker-compose version.
@@ -72,7 +73,7 @@
   get_url:
     url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
     dest: "{{ docker_compose_path }}"
-    mode: 0755
+    mode: "0755"
 
 - name: Place admin users in docker group
   user:
diff --git a/roles/setup_http_site_proxy/tasks/main.yml b/roles/setup_http_site_proxy/tasks/main.yml
index 6aeff36..c1f52d2 100644
--- a/roles/setup_http_site_proxy/tasks/main.yml
+++ b/roles/setup_http_site_proxy/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: templates/apache-docker-proxy-site.j2
     dest: /etc/apache2/sites-available/{{ site_name }}.conf
+    mode: "0644"
   notify: restart apache2
 
 - name: Activate Apache2 site
diff --git a/tau.yml b/tau.yml
index 8a622e7..172cecb 100644
--- a/tau.yml
+++ b/tau.yml
@@ -88,6 +88,7 @@
       file:
         path: "{{ data_dir }}/registry/data"
         state: directory
+        mode: "0755"
 
     - name: Setup Docker Registry Container
       docker_container: