diff --git a/scripts/env/setup.sh b/scripts/env/setup.sh
index 47c6c28..bbf0237 100755
--- a/scripts/env/setup.sh
+++ b/scripts/env/setup.sh
@@ -11,6 +11,7 @@ source /opt/mistborn/scripts/subinstallers/platform.sh
 # setup env file
 echo "" | sudo tee ${VAR_FILE}
 sudo chown mistborn:mistborn ${VAR_FILE}
+sudo chmod 600 ${VAR_FILE}
 
 # MISTBORN_DNS_BIND_IP
 
diff --git a/scripts/install.sh b/scripts/install.sh
index 31e0f83..e79b838 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -248,6 +248,7 @@ sudo resolvconf -u 1>/dev/null 2>&1
 
 echo "backup up original volumes folder"
 sudo mkdir -p ../mistborn_backup
+sudo chmod 700 ../mistborn_backup
 sudo tar -czf ../mistborn_backup/mistborn_volumes_backup.tar.gz ../mistborn_volumes 1>/dev/null 2>&1
 
 # clean docker
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index 23845e8..3644bc6 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -4,6 +4,7 @@ figlet "Mistborn: Container Credentials"
 
 # generate production .env file for Django
 mkdir -p ./.envs/.production
+chmod 700 ./.envs
 DJANGO_PROD_FILE="./.envs/.production/.django"
 DJANGO_SECRET_KEY=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(50)]))")
 #CELERY_FLOWER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")