diff --git a/scripts/install b/scripts/install
index 235d27a..3be75c4 100644
--- a/scripts/install
+++ b/scripts/install
@@ -79,6 +79,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -213,19 +217,18 @@ ynh_replace_string --match_string="^\s*// installed plugins" --replace_string="&
 # Store the config file checksum into the app settings
 ynh_store_file_checksum --file="$final_path/config/config.inc.php"
 
+chmod 400 "$final_path/config/config.inc.php"
+chown $app:$app "$final_path/config/config.inc.php"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions to app files
-chown -R root: "$final_path"
-mkdir -p "$final_path/plugins/enigma/home"
-chown -R $app: "$final_path/"{temp,logs,plugins/enigma/home}
 
-chmod 400 "$final_path/config/config.inc.php"
-chown $app:$app "$final_path/config/config.inc.php"
+
+mkdir -p "$final_path/plugins/enigma/home"
 
 #=================================================
 # RELOAD NGINX
diff --git a/scripts/restore b/scripts/restore
index 86386d8..4efc074 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -63,17 +63,9 @@ ynh_script_progression --message="Restoring $app main directory..."
 
 ynh_restore_file --origin_path="$final_path"
 
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R root: "$final_path"
-mkdir -p "$final_path/plugins/enigma/home"
-chown -R $app: "$final_path/"{temp,logs,plugins/enigma/home}
-
-chmod 600 "$final_path/config/config.inc.php"
-chown $app:$app "$final_path/config/config.inc.php"
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index d984a9a..82898a4 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -124,6 +124,10 @@ then
 	ynh_setup_source --dest_dir="$final_path"
 fi
 
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -261,6 +265,9 @@ then
     # Store the config file checksum into the app settings
     ynh_store_file_checksum --file="$final_path/config/config.inc.php"
 
+    chmod 400 "$final_path/config/config.inc.php"
+    chown $app:$app "$final_path/config/config.inc.php"
+
     #=================================================
     # UPDATE ROUNDCUBE CORE
     #=================================================
@@ -270,20 +277,6 @@ then
     ynh_exec_warn ./bin/update.sh --version=$oldversion -y)
 fi
 
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R root: "$final_path"
-mkdir -p "$final_path/plugins/enigma/home"
-chown -R $app: "$final_path/"{temp,logs,plugins/enigma/home}
-
-chmod 400 "$final_path/config/config.inc.php"
-chown $app:$app "$final_path/config/config.inc.php"
-
 #=================================================
 # RELOAD NGINX
 #=================================================