diff --git a/nagios/manifests/init.pp b/nagios/manifests/init.pp
index 01740c7..e6689bb 100644
--- a/nagios/manifests/init.pp
+++ b/nagios/manifests/init.pp
@@ -103,23 +103,23 @@ class nagios::server {
     file { "/etc/nagios/conf.d":
         name    => $confdir,
         ensure  => directory,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
         purge   => true,
         force   => true,
         recurse => true,
-        owner   => "root",
-        group   => "root",
-        mode    => "0644",
         source  => "puppet:///modules/custom/empty",
         require => Package["nagios"],
-        notify  => Service["nagios"],
     }
 
     file { "${confdir}/contactgroup_all.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Contactgroup["all"],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Contactgroup["all"],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_contactgroup { "all":
         target  => "${confdir}/contactgroup_all.cfg",
@@ -128,11 +128,12 @@ class nagios::server {
     }
 
     file { "${confdir}/host_default.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Host["default"],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Host["default"],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_host { "default":
         target                       => "${confdir}/host_default.cfg",
@@ -154,11 +155,12 @@ class nagios::server {
     }
 
     file { "${confdir}/service_default.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Service["default"],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Service["default"],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_service { "default":
         target                       => "${confdir}/service_default.cfg",
@@ -188,11 +190,12 @@ class nagios::server {
     }
 
     file { "${confdir}/timeperiod_24x7.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Timeperiod["24x7"],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Timeperiod["24x7"],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_timeperiod { "24x7":
         target    => "${confdir}/timeperiod_24x7.cfg",
@@ -222,11 +225,12 @@ class nagios::server {
 define nagios::contact::email($confdir=$nagios::server::confdir) {
 
     file { "${confdir}/contact_${name}.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Contact[$name],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Contact[$name],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_contact { $name:
         target                        => "${confdir}/contact_${name}.cfg",
@@ -246,11 +250,12 @@ define nagios::contact::email($confdir=$nagios::server::confdir) {
 define nagios::contact::prowl($confdir=$nagios::server::confdir) {
 
     file { "${confdir}/contact_${name}.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Contact[$name],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Contact[$name],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_contact { $name:
         target                        => "${confdir}/contact_${name}.cfg",
@@ -270,11 +275,12 @@ define nagios::contact::prowl($confdir=$nagios::server::confdir) {
 define nagios::host($confdir, $operatingsystem) {
 
     file { "${confdir}/host_${name}.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Host[$name],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Host[$name],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_host { $name:
         ensure => present,
@@ -283,11 +289,12 @@ define nagios::host($confdir, $operatingsystem) {
     }
 
 #    file { "${confdir}/hostextinfo_${name}.cfg":
-#        ensure => present,
-#        mode   => "0644",
-#        owner  => "root",
-#        group  => "root",
-#        before => Nagios_Hostextinfo[$name],
+#        ensure  => present,
+#        mode    => "0640",
+#        owner   => "root",
+#        group   => "nagios",
+#        before  => Nagios_Hostextinfo[$name],
+#        require => File["/etc/nagios/conf.d"],
 #    }
 #    nagios_hostextinfo { $name:
 #        ensure          => present,
@@ -303,11 +310,12 @@ define nagios::host($confdir, $operatingsystem) {
 define nagios::service($confdir, $host, $command, $description) {
 
     file { "${confdir}/service_${name}.cfg":
-        ensure => present,
-        mode   => "0644",
-        owner  => "root",
-        group  => "root",
-        before => Nagios_Service[$name],
+        ensure  => present,
+        mode    => "0640",
+        owner   => "root",
+        group   => "nagios",
+        before  => Nagios_Service[$name],
+        require => File["/etc/nagios/conf.d"],
     }
     nagios_service { $name:
         host_name           => $host,