diff --git a/hooks/conf_regen/01-yunohost b/hooks/conf_regen/01-yunohost
index 1bef26a8b..0d6876cf4 100755
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@@ -181,6 +181,15 @@ do_post_regen() {
     # NB: x permission for 'others' is important for ssl-cert (and maybe mdns), otherwise slapd will fail to start because can't access the certs
     chmod 755 /etc/yunohost
 
+    chown root:root /etc/systemd/system/*.service
+    chmod 644 /etc/systemd/system/*.service
+
+    if ls -l /etc/php/*/fpm/pool.d/*.conf
+    then
+        chown root:root /etc/php/*/fpm/pool.d/*.conf
+        chmod 644 /etc/php/*/fpm/pool.d/*.conf
+    fi
+
     # Certs
     # We do this with find because there could be a lot of them...
     chown -R root:ssl-cert /etc/yunohost/certs
diff --git a/hooks/conf_regen/15-nginx b/hooks/conf_regen/15-nginx
index 28d9e90fb..9eabcd8b7 100755
--- a/hooks/conf_regen/15-nginx
+++ b/hooks/conf_regen/15-nginx
@@ -144,6 +144,12 @@ do_pre_regen() {
 do_post_regen() {
     regen_conf_files=$1
 
+    if ls -l /etc/nginx/conf.d/*.d/*.conf
+    then
+        chown root:root /etc/nginx/conf.d/*.d/*.conf
+        chmod 644 /etc/nginx/conf.d/*.d/*.conf
+    fi
+
     [ -z "$regen_conf_files" ] && exit 0
 
     # create NGINX conf directories for domains
diff --git a/hooks/conf_regen/52-fail2ban b/hooks/conf_regen/52-fail2ban
index d463892c7..db3cf0da7 100755
--- a/hooks/conf_regen/52-fail2ban
+++ b/hooks/conf_regen/52-fail2ban
@@ -24,6 +24,12 @@ do_pre_regen() {
 do_post_regen() {
     regen_conf_files=$1
 
+    if ls -l /etc/fail2ban/jail.d/*.conf
+    then
+        chown root:root /etc/fail2ban/jail.d/*.conf
+        chmod 644 /etc/fail2ban/jail.d/*.conf
+    fi
+
     [[ -z "$regen_conf_files" ]] \
         || systemctl reload fail2ban
 }