diff --git a/roles/archweb/tasks/main.yml b/roles/archweb/tasks/main.yml
index 54c68badf5b4508fdfe6fd446f5b07211d016c0a..c2d8d832bece38ed61b28e28ac543ce1a18df2b5 100644
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -20,7 +20,7 @@
   when: archweb_site
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=root mode=0755
   when: archweb_site
 
 - name: make rsync iso dir
diff --git a/roles/flyspray/tasks/main.yml b/roles/flyspray/tasks/main.yml
index 1f36258278f4276d8e32dd821fef3a2a0a4b4259..bc14a90bf849d8e0e346be09be27ccd027611c0f 100644
--- a/roles/flyspray/tasks/main.yml
+++ b/roles/flyspray/tasks/main.yml
@@ -16,7 +16,7 @@
     - reload nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ flyspray_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ flyspray_domain }} state=directory owner=root group=root mode=0755
 
 - name: create setup dir with write permissions
   file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=755
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index 42bebeae59ec10e2ef8b505f53428b341056feaf..82f20277211bdd87eaf27857da1f403f2ec7f1f1 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@@ -8,7 +8,7 @@
     - nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ mailman_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ mailman_domain }} state=directory owner=root group=root mode=0755
   when: archweb_site
   tags:
     - nginx
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 3eba39996a99f3231b41f0e6653adee11cc8664c..57c6cb1b51d49bf93d3b85d1a6a1b2a9f1e3f492 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -29,7 +29,7 @@
   file: state=directory path=/etc/nginx/auth owner=root group=root mode=0755
 
 - name: create default nginx log directory
-  file: state=directory path=/var/log/nginx/default owner=root group=log mode=0750
+  file: state=directory path=/var/log/nginx/default owner=root group=root mode=0755
 
 - name: create unique DH group
   command: openssl dhparam -out /etc/ssl/dhparams.pem 2048 creates=/etc/ssl/dhparams.pem
diff --git a/roles/patchwork/tasks/main.yml b/roles/patchwork/tasks/main.yml
index df242f9f087e9881b653b2278250161535d8a5bb..bd30d908caabf32f0d165b5380c6b583037fb145 100644
--- a/roles/patchwork/tasks/main.yml
+++ b/roles/patchwork/tasks/main.yml
@@ -11,7 +11,7 @@
     - reload nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ patchwork_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ patchwork_domain }} state=directory owner=root group=root mode=0755
 
 - name: deploy maintenance page
   template: src=503.html.j2 dest="{{ patchwork_dir }}/503.html" owner=patchwork group=patchwork mode=644
diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml
index d4501341e44eb9f20b39848e7714f2ab40f6eab1..645d8f838caf640a4a95e10bfd289c04d9c2eaee 100644
--- a/roles/planet/tasks/main.yml
+++ b/roles/planet/tasks/main.yml
@@ -9,7 +9,7 @@
     - reload nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=root group=log mode=0750
+  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=root group=root mode=0755
 
 - name: clone planet git repo
   git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
diff --git a/roles/public_html/tasks/main.yml b/roles/public_html/tasks/main.yml
index 4ae4c2d2f5fec6fdd7c21119b71ce788659ae135..1fd59b034bb2413312b6e80451fd6554d80f1b02 100644
--- a/roles/public_html/tasks/main.yml
+++ b/roles/public_html/tasks/main.yml
@@ -22,7 +22,7 @@
     - generate-public_html.service
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ public_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ public_domain }} state=directory owner=root group=root mode=0755
 
 - name: set up nginx
   template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/public_html.conf owner=root group=root mode=0644
diff --git a/roles/security_tracker/tasks/main.yml b/roles/security_tracker/tasks/main.yml
index 3491dffb7d13a90674015d4fd2eb4bb5340e8fb0..9dfa2430989178bcc2d0a11218c687584cdd1b7a 100644
--- a/roles/security_tracker/tasks/main.yml
+++ b/roles/security_tracker/tasks/main.yml
@@ -43,7 +43,7 @@
     - reload nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=root group=root mode=0755
 
 - name: copy security-tracker units
   copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
diff --git a/roles/sources/tasks/main.yml b/roles/sources/tasks/main.yml
index b41436c64c85563c368e6441f1cc0c2ead591077..5a51630674d78805a4523bd6392abfe2c8acc559 100644
--- a/roles/sources/tasks/main.yml
+++ b/roles/sources/tasks/main.yml
@@ -6,7 +6,7 @@
     - reload nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ sources_domain }} state=directory owner=root group=log mode=0750
+  file: path=/var/log/nginx/{{ sources_domain }} state=directory owner=root group=root mode=0755
 
 - name: make sources dir
   file: path={{ sources_dir }} state=directory owner=root group=root mode=0755
diff --git a/roles/syncrepo/tasks/main.yml b/roles/syncrepo/tasks/main.yml
index 445c160d8443c9dddb35083ac56798547c9e6049..2c900ed49a88a8c3638e4eefb6e18280fb180283 100644
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
@@ -42,7 +42,7 @@
     create: true
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=log mode=750
+  file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
 
 - name: set up nginx
   template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/syncrepo.conf owner=root group=root mode=0644