--- a/src/persist.c
+++ b/src/persist.c
@@ -343,6 +343,9 @@
 		mqtt3_db_store_clean(db);
 	}
 
+	/* Restrict access to persistence file. */
+	umask(0077);
+
 	db_fptr = fopen(db->config->persistence_filepath, "wb");
 	if(db_fptr == NULL){
 		goto error;