diff --git a/roles/grafana_agent/tasks/install/directories.yaml b/roles/grafana_agent/tasks/install/directories.yaml
index 3453e6e..593f9ea 100644
--- a/roles/grafana_agent/tasks/install/directories.yaml
+++ b/roles/grafana_agent/tasks/install/directories.yaml
@@ -23,4 +23,4 @@
         state: directory
         owner: root
         group: "{{ grafana_agent_user_group }}"
-        mode: 0755
+        mode: 0775
diff --git a/roles/grafana_agent/templates/grafana-agent.service.j2 b/roles/grafana_agent/templates/grafana-agent.service.j2
index b6e1785..247c77e 100644
--- a/roles/grafana_agent/templates/grafana-agent.service.j2
+++ b/roles/grafana_agent/templates/grafana-agent.service.j2
@@ -11,7 +11,7 @@ After=local-fs.target
 Type=simple
 User={{ grafana_agent_user }}
 Group={{ grafana_agent_user_group }}
-WorkingDirectory={{ grafana_agent_config_dir }}
+WorkingDirectory={{ grafana_agent_data_dir }}
 EnvironmentFile={{ grafana_agent_config_dir }}/{{ grafana_agent_env_file}}
 
 ExecStart={{ grafana_agent_install_dir }}/{{ grafana_agent_binary }} \
@@ -39,6 +39,7 @@ ProtectKernelTunables=yes
 {% else %}
 ProtectSystem=full
 {% endif %}
+ReadWritePaths=/tmp {{ grafana_agent_data_dir }} {{ grafana_agent_positions_dir }} {{ grafana_agent_wal_dir }}
 
 [Install]
 WantedBy=multi-user.target