diff --git a/ansible/misc-docker.yaml b/ansible/misc-docker.yaml
index a67d6e9..d8dba26 100644
--- a/ansible/misc-docker.yaml
+++ b/ansible/misc-docker.yaml
@@ -6,6 +6,10 @@
       copy:
         src: ../docker
         dest: /etc/pbri
+        # Files should inaccessible to non-root users.
+        mode: u=rw,g=,o=
+        # Directories should be listable
+        directory_mode: u=rwx,g=rx,o=rx
     - name: Create global docker volumes
       become: yes
       docker_volume: