diff --git a/tasks/tlog.yml b/tasks/tlog.yml
index 8740549..f2d21ed 100644
--- a/tasks/tlog.yml
+++ b/tasks/tlog.yml
@@ -11,6 +11,7 @@
     section: sssd
     option: enable_files_domain
     value: "true"
+    mode: '0600'
   notify: restart_sssd
 
 - name: Add session recording configuration
@@ -23,7 +24,7 @@
   notify: restart_sssd
 
 - name: Enable the files domain through authselect
-  command: >
+  ansible.builtin.command: >
         /usr/bin/authselect select custom/sssd-rocky
         without-nullok
         with-faillock