diff --git a/scripts/install b/scripts/install
index 5f8d061..1788968 100644
--- a/scripts/install
+++ b/scripts/install
@@ -64,8 +64,6 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
-chown -R $app:$app $final_path
-
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -101,19 +99,14 @@ else
   ynh_replace_string --match_string="//const WWW_URI = '/asso/';" --replace_string="const WWW_URI = '$path_url/';" --target_file="$final_path/config.local.php"
 fi
 
-# permissions on files and directories
-chmod 400 $final_path/config.dist.php $final_path/index.php $final_path/sous-domaine.html $final_path/VERSION
-chmod 644 $final_path/config.local.php
-find $final_path/scripts -type d -exec chmod 500 {} +
-find $final_path/scripts -type f -exec chmod 400 {} +
-find $final_path/templates -type d -exec chmod 500 {} +
-find $final_path/templates -type f -exec chmod 400 {} +
-find $final_path/include -type d -exec chmod 500 {} +
-find $final_path/include -type f -exec chmod 400 {} +
-find $final_path/data -type d -exec chmod 700 {} +
-find $final_path/data -type f -exec chmod 600 {} +
-find /var/www/garradin/www -type d -exec chmod 505  {} +
-find /var/www/garradin/www -type f -exec chmod 644  {} +
+# Permissions on files and directories
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+find "$final_path" -type d -exec chmod 550 {} +
+find "$final_path" -type f -exec chmod 440 {} +
+find "$final_path/data" -type d -exec chmod 770 {} +
+find "$final_path/data" -type f -exec chmod 660 {} +
+chmod 660 "$final_path/config.local.php"
 
 #=================================================
 # SETUP SSOWAT
diff --git a/scripts/upgrade b/scripts/upgrade
index d251201..8b5a911 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -193,8 +193,6 @@ then
   ynh_secure_remove $backup_bdd
 fi
 
-chown -R $app:$app $final_path
-
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
@@ -209,19 +207,14 @@ else
 ynh_replace_string --match_string="//const WWW_URI = '/asso/';" --replace_string="const WWW_URI = '$path_url/';" --target_file="$final_path/config.local.php"
 fi
 
-# Set permissions on app files
-chmod 400 $final_path/config.dist.php $final_path/index.php $final_path/sous-domaine.html $final_path/VERSION
-chmod 644 $final_path/config.local.php
-find $final_path/scripts -type d -exec chmod 500 {} +
-find $final_path/scripts -type f -exec chmod 400 {} +
-find $final_path/templates -type d -exec chmod 500 {} +
-find $final_path/templates -type f -exec chmod 400 {} +
-find $final_path/include -type d -exec chmod 500 {} +
-find $final_path/include -type f -exec chmod 400 {} +
-find $final_path/data -type d -exec chmod 700 {} +
-find $final_path/data -type f -exec chmod 600 {} +
-find /var/www/garradin/www -type d -exec chmod 505  {} +
-find /var/www/garradin/www -type f -exec chmod 644  {} +
+# Permissions on files and directories
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+find "$final_path" -type d -exec chmod 550 {} +
+find "$final_path" -type f -exec chmod 440 {} +
+find "$final_path/data" -type d -exec chmod 770 {} +
+find "$final_path/data" -type f -exec chmod 660 {} +
+chmod 660 "$final_path/config.local.php"
 
 #=================================================
 # RELOAD NGINX
@@ -236,6 +229,7 @@ ynh_systemd_action --service_name=nginx --action=reload
 ynh_script_progression --message="Finalise upgrade" --weight=1
 
 ynh_local_curl "/admin/index.php"
+chmod 440 "$final_path/config.local.php"
 
 #=================================================
 # END OF SCRIPT