diff --git a/alertmanager/tasks/main.yml b/alertmanager/tasks/main.yml
index 71f61859f31c7ac77e740124360203f2b989899c..a87895582c8df693bdeb66f72756bd059122c2f4 100644
--- a/alertmanager/tasks/main.yml
+++ b/alertmanager/tasks/main.yml
@@ -9,6 +9,9 @@
   template:
     src: default.j2
     dest: /etc/default/prometheus-alertmanager
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart alertmanager
   tags:
@@ -18,6 +21,9 @@
   template:
     src: alertmanager.yml.j2
     dest: /etc/prometheus/alertmanager.yml
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload alertmanager
   tags:
diff --git a/mysqld_exporter/tasks/main.yml b/mysqld_exporter/tasks/main.yml
index e84070c33c913484db2c8dfbf2fed349ea959ae4..9d8d2ed332bff5abf395632780cdf041e5f33f2a 100644
--- a/mysqld_exporter/tasks/main.yml
+++ b/mysqld_exporter/tasks/main.yml
@@ -23,6 +23,9 @@
   template:
     src: prometheus-mysqld-exporter.j2
     dest: /etc/default/prometheus-mysqld-exporter
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart mysqld_exporter
   tags:
@@ -34,6 +37,9 @@
   template:
     src: scrape.yml.j2
     dest: "/etc/prometheus/scrape/mysqld_{{ ansible_fqdn }}.yml"
+    owner: root
+    group: root
+    mode: "0644"
   delegate_to: "{{ prometheus_host }}"
   tags:
     - prometheus
diff --git a/node_exporter/tasks/main.yml b/node_exporter/tasks/main.yml
index 4f187771df09eedd6ea0d61e47c8090cd9606fa8..26a48cd7de4dc768eb64a6271cdf5cd3f20454b2 100644
--- a/node_exporter/tasks/main.yml
+++ b/node_exporter/tasks/main.yml
@@ -44,6 +44,9 @@
   template:
     src: prometheus-node-exporter.j2
     dest: /etc/default/prometheus-node-exporter
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart node_exporter
   tags:
@@ -55,6 +58,9 @@
   template:
     src: scrape.yml.j2
     dest: "/etc/prometheus/scrape/node_{{ ansible_fqdn }}.yml"
+    owner: root
+    group: root
+    mode: "0644"
   delegate_to: "{{ prometheus_host }}"
   tags:
     - prometheus
diff --git a/prometheus/tasks/main.yml b/prometheus/tasks/main.yml
index ce4f8e2c3a41b0b832598f3e9973f243668bd6ee..0e5b6197e27e566d7b5956e08a0049bdfdbe2e33 100644
--- a/prometheus/tasks/main.yml
+++ b/prometheus/tasks/main.yml
@@ -12,6 +12,9 @@
   template:
     src: default-prometheus.j2
     dest: /etc/default/prometheus
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart prometheus
   tags:
@@ -23,6 +26,9 @@
     src: prometheus.yml.j2
     dest: /etc/prometheus/prometheus.yml
     validate: "promtool check config %s"
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload prometheus
   tags:
@@ -33,6 +39,9 @@
   file:
     path: "/etc/prometheus/{{ item }}"
     state: directory
+    owner: root
+    group: root
+    mode: "0755"
   with_items:
     - alertmanagers
     - rules
@@ -46,6 +55,9 @@
     src: "rules.yml.j2"
     dest: "/etc/prometheus/rules/ansible_rules.yml"
     validate: "promtool check rules %s"
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload prometheus
   tags: