diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index d0088dc..30fb57c 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -105,7 +105,7 @@ in {
       source = config.nix-bitcoin.pkgs.netns-exec;
       capabilities = "cap_sys_admin=ep";
       owner = cfg.allowedUser;
-      permissions = "u+rx,g+rx,o-rwx";
+      permissions = "550";
     };
 
     systemd.services = {