diff --git a/app/models/file_yard.rb b/app/models/file_yard.rb
index 0c327b88..566218da 100644
--- a/app/models/file_yard.rb
+++ b/app/models/file_yard.rb
@@ -17,6 +17,8 @@ class FileYard
 else
 File.open(file_path(name), 'wb') { |f| f.write(io.read) }
 end
+ # just in case, estrict read access and prohibit write access to the uploaded file
+ FileUtils.chmod(0440, file_path(name))
 end
 def files
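Review bot: The `FileUtils.chmod(0440, file_path(name))` call runs only after the file has been created and fully written, so until then the upload sits on disk with whatever mode the process umask (or the unseen `if` branch) gave it; for the `File.open` branch the mode can be set at creation instead, `File.open(file_path(name), 'wb', 0o440) { |f| f.write(io.read) }`. Dropping the owner's write bit also means a later store under the same name would presumably fail with `Errno::EACCES` when `'wb'` reopens the existing file, unless the old file is removed first or the process runs as root, so this is worth confirming against the callers. The comment would be more useful if it named the concern instead of "just in case", for example `# uploaded content is untrusted: read-only for owner and group, no access for others`. The enclosing method begins outside this hunk, so the first branch of the conditional is not visible here.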