diff --git a/tasks/main.yml b/tasks/main.yml index dd6ff77..ac5cdd6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -131,19 +131,32 @@ - 'ensure_apache.service_facts' - 'ensure_apache.service_reload' - 'ensure_apache.services' -- name: 'base mod_md store' +- name: 'ensure permissions' when: - ansible_system == 'Linux' - ensure_apache is defined - http_vhost is defined - http_vhost is iterable + - permission_list is defined + - permission_list is iterable ansible.builtin.file: - group: 'apache' - owner: 'root' - mode: '0770' - path: '/etc/httpd/md' - state: 'directory' - setype: 'httpd_var_lib_t' + attributes: '{{ item.attributes | default(omit) }}' + follow: '{{ item.follow | default(omit) }}' + force: '{{ item.force | default(omit) }}' + group: '{{ item.group | default(omit) }}' + owner: '{{ item.owner | default(omit) }}' + mode: '{{ item.mode | default(omit) }}' + path: '{{ item.path }}' + reuse: '{{ item.reuse | default(omit) }}' + selevel: '{{ item.selevel | default(omit) }}' + serole: '{{ item.serole | default(omit) }}' + setype: '{{ item.setype | default(omit) }}' + seuser: '{{ item.seuser | default(omit) }}' + src: '{{ item.src | default(omit) }}' + state: '{{ item.state }}' + loop: '{{ permissions_list }}' + loop_control: + label: '{{ item.path }} will be ensured' notify: - 'ensure_apache.package_facts' - 'ensure_apache.service_facts' diff --git a/vars/Fedora-34-default.yml b/vars/Fedora-34-default.yml index 38f5f99..a0c6bd1 100644 --- a/vars/Fedora-34-default.yml +++ b/vars/Fedora-34-default.yml @@ -44,6 +44,13 @@ firewall_list: - permanent: 'yes' service: 'https' state: 'enabled' +permissions_list: + - path: '/etc/httpd/md' + group: 'apache' + owner: 'root' + mode: '0770' + state: 'directory' + setype: 'httpd_var_lib_t' seboolean_list: - name: 'httpd_can_network_connect' persistent: 'yes' diff --git a/vars/Fedora-35-default.yml b/vars/Fedora-35-default.yml index e1bbbff..f6c14e4 100644 --- a/vars/Fedora-35-default.yml +++ b/vars/Fedora-35-default.yml 
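Review bot: The two added `when` conditions test `permission_list` (singular), but the loop iterates `permissions_list` and the vars files in this commit define only `permissions_list`, so as far as this diff shows the condition is never true and the task is skipped for every item. The hard-coded task that set `/etc/httpd/md` to root:apache `0770` with `httpd_var_lib_t` is removed in the same hunk, so the mod_md store would be left with whatever ownership, mode and SELinux label it gets elsewhere. The conditions should read `- permissions_list is defined` and `- permissions_list is iterable`. Separately, `reuse` does not appear to be an option of `ansible.builtin.file`; `recurse: '{{ item.recurse | default(omit) }}'` was probably intended. The task's `notify` list continues past the end of the hunk.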
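Review bot: The new `permissions_list` entry for `/etc/httpd/md` has no comment saying what the directory is, and the old task name 'base mod_md store' that carried that information is removed from tasks/main.yml; the same applies to the identical entry added in vars/Fedora-35-default.yml. I would add above the entry `# mod_md store (certificates and private keys): root:apache, no access for others`. Because the task passes `mode` through `default(omit)`, the comment should also say that an entry without `mode` lets a newly created directory take its mode from the umask.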
@@ -42,6 +42,13 @@ firewall_list: - permanent: 'yes' service: 'https' state: 'enabled' +permissions_list: + - path: '/etc/httpd/md' + group: 'apache' + owner: 'root' + mode: '0770' + state: 'directory' + setype: 'httpd_var_lib_t' seboolean_list: - name: 'httpd_can_network_connect' persistent: 'yes'