diff --git a/roles/lmn_tmpfixes/tasks/main.yml b/roles/lmn_tmpfixes/tasks/main.yml
index 450d988..23e0bf8 100644
--- a/roles/lmn_tmpfixes/tasks/main.yml
+++ b/roles/lmn_tmpfixes/tasks/main.yml
@@ -32,6 +32,3 @@
     state: absent
     purge: true
     autoremove: true
-
-- name: Set VM permissions
-  ansible.builtin.command: chmod -R o+r /lmn/vm
diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run
index 3fa4f75..454b4c5 100755
--- a/roles/lmn_vm/files/vm-run
+++ b/roles/lmn_vm/files/vm-run
@@ -125,6 +125,8 @@ create_clone() {
 
 create_printerlist() {
   ## Prepare .printerlist.csv
+  mkdir -p "${VM_MEDIADIR}"
+  chgrp "$(id -g)" "${VM_MEDIADIR}"
   echo "Name;IppURL" > "${VM_MEDIADIR}/.printerlist.csv"
   for p in $(lpstat -v | cut -f 3 -d" " | sed 's/:$//'); do
     echo "$p;ipp://192.168.122.1/printers/$p" >> "${VM_MEDIADIR}/.printerlist.csv"
@@ -206,6 +208,7 @@ EOF
 
 QEMU='qemu:///session'
 
+umask 077
 
 NEWCLONE=0
 PERSISTENT=0
@@ -360,8 +363,6 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     else
       VMINFO_DIR="/lmn/media/${USER}"
     fi
-    mkdir -p "${VM_MEDIADIR}" -m 700
-    chgrp "$(id -g)" "${VM_MEDIADIR}"
     create_printerlist
     create_mountlist
 
@@ -369,7 +370,7 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     [[ "${QEMU}" = 'qemu:///session' ]] && start_virtiofsd
 
     # Create VMInfo Json file
-    #( umask 077; ./vm-create-vminfo > "${VMINFO_DIR}/.vminfo.json" )
+    #( umask 027; ./vm-create-vminfo > "${VMINFO_DIR}/.vminfo.json" )
     # Start vminfo.timer
     systemctl --user restart vminfo.timer