diff --git a/scripts/install b/scripts/install
index 0ca3eb0..c379a6e 100755
--- a/scripts/install
+++ b/scripts/install
@@ -211,9 +211,13 @@ yunohost service add $app --description="Web based management to catalog things"
 
 # Set permissions to app files
 chown -R "$app:" "$log_path"
-chown -R "$app:" "$public_path"
+chown -R "$app:www-data" "$public_path"
 chown -R "$app:" "$final_path"
 
+chmod o-rwx "$log_path"
+chmod o-rwx "$public_path"
+chmod o-rwx "$final_path"
+
 #=================================================
 # SETUP SYSTEMD
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 394b186..ccfbb2e 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -70,7 +70,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell
 #=================================================
 
 # Restore permissions on app files
-chown -R "$app:" "$public_path"
+chown -R "$app:www-data" "$public_path"
 chown -R "$app:" "$final_path"
 
 #=================================================
@@ -138,6 +138,21 @@ touch "${log_file}"
 chown -R "$app:" "$log_path"
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================
+
+# Set permissions to app files
+chown -R "$app:" "$log_path"
+chown -R "$app:www-data" "$public_path"
+chown -R "$app:" "$final_path"
+
+chmod o-rwx "$log_path"
+chmod o-rwx "$public_path"
+chmod o-rwx "$final_path"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index a3de19a..764a08b 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -203,9 +203,13 @@ yunohost service add $app --description="Web based management to catalog things"
 
 # Set permissions to app files
 chown -R "$app:" "$log_path"
-chown -R "$app:" "$public_path"
+chown -R "$app:www-data" "$public_path"
 chown -R "$app:" "$final_path"
 
+chmod o-rwx "$log_path"
+chmod o-rwx "$public_path"
+chmod o-rwx "$final_path"
+
 #=================================================
 # Start django_example_ynh via systemd
 #=================================================