diff --git a/scripts/install b/scripts/install
index 5f24e32..5a6ecc8 100755
--- a/scripts/install
+++ b/scripts/install
@@ -88,15 +88,16 @@ sudo cp -a ../sources/* $final_path/
 
 # Set permissions
 sudo chmod 775 -R $final_path
+sudo chown -hR $runninguser:$runninguser $final_path
 
 if [ "$basicauthcreate" = "Yes" ];
 then
-	sudo chmod 600 $final_path/htpasswd
+	sudo chmod 440 $final_path/htpasswd
+	sudo chown www-data:www-data $final_path/htpasswd
 else
 	echo "Nothing to do"
 fi
 
-sudo chown -hR $runninguser:$runninguser $final_path
 
 # Modify Nginx configuration file and copy it to Nginx conf directory
 sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf
diff --git a/scripts/restore b/scripts/restore
index 1a9f6a9..311a5f7 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -36,15 +36,15 @@ sudo cp -a ./sources/* $final_path/
 # Restore permissions to app files
 # you may need to make some file and/or directory writeable by www-data (nginx user)
 sudo chown -R $runninguser:$runninguser $final_path
+
 if [ "$basicauthcreate" = "Yes" ];
 then
-        sudo chmod 600 $final_path/htpasswd
+        sudo chmod 440 $final_path/htpasswd
+        sudo chown www-data:www-data $final_path/htpasswd
 else
         echo "Nothing to do"
 fi
 
-
-
 ### MySQL (remove if not used) ###
 # If a MySQL database is used:
 # # Create and restore the database
diff --git a/scripts/upgrade b/scripts/upgrade
index 1d6327b..d378f69 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -78,16 +78,16 @@ sudo cp -a ../sources/* $final_path/
 
 # We adjust permissions
 sudo chmod 775 -R $final_path
+sudo chown -hR $runninguser:$runninguser $final_path
 
 if [ "$basicauthcreate" = "Yes" ];
 then
-        sudo chmod 600 $final_path/htpasswd
+        sudo chmod 440 $final_path/htpasswd
+        sudo chown www-data:www-data $final_path/htpasswd
 else
         echo "Nothing to do"
 fi
 
-sudo chown -hR $runninguser:$runninguser $final_path
-
 
 # Make app public if necessary
 is_public=$(ynh_app_setting_get $app is_public)