diff --git a/parity/signer.rs b/parity/signer.rs
index 7cc258ed9..b4b3679ef 100644
--- a/parity/signer.rs
+++ b/parity/signer.rs
@@ -72,7 +72,7 @@ pub fn start(conf: Configuration, deps: Dependencies) -> Result<Option<SignerSer
 fn codes_path(path: String) -> PathBuf {
 	let mut p = PathBuf::from(path);
 	p.push(CODES_FILENAME);
-	let _ = restrict_permissions_owner(&p);
+	let _ = restrict_permissions_owner(&p, true, false);
 	p
 }
 
diff --git a/updater/src/updater.rs b/updater/src/updater.rs
index 9f781ed5a..5af36b52f 100644
--- a/updater/src/updater.rs
+++ b/updater/src/updater.rs
@@ -18,8 +18,9 @@ use std::sync::{Arc, Weak};
 use std::fs;
 use std::io::Write;
 use std::path::{PathBuf};
-use util::misc::platform;
 use ipc_common_types::{VersionInfo, ReleaseTrack};
+use util::path::restrict_permissions_owner; 
+use util::misc::platform;
 use util::{Address, H160, H256, FixedHash, Mutex, Bytes};
 use ethsync::{SyncProvider};
 use ethcore::client::{BlockId, BlockChainClient, ChainNotify};
@@ -197,7 +198,8 @@ impl Updater {
 				let dest = self.updates_path(&Self::update_file_name(&fetched.version));
 				fs::create_dir_all(dest.parent().expect("at least one thing pushed; qed")).map_err(|e| format!("Unable to create updates path: {:?}", e))?;
 				fs::copy(&b, &dest).map_err(|e| format!("Unable to copy update: {:?}", e))?;
-				info!(target: "updater", "Copied file to {}", dest.display());
+				restrict_permissions_owner(&dest, false, true).map_err(|e| format!("Unable to update permissions: {}", e))?;
+				info!(target: "updater", "Installed updated binary to {}", dest.display());
 				let auto = match self.update_policy.filter {
 					UpdateFilter::All => true,
 					UpdateFilter::Critical if fetched.is_critical /* TODO: or is on a bad fork */ => true,
diff --git a/util/network/src/host.rs b/util/network/src/host.rs
index 2bdeab93e..681773c36 100644
--- a/util/network/src/host.rs
+++ b/util/network/src/host.rs
@@ -1168,8 +1168,8 @@ fn save_key(path: &Path, key: &Secret) {
 			return;
 		}
 	};
-	if let Err(e) = restrict_permissions_owner(path) {
-		warn!(target: "network", "Failed to modify permissions of the file (chmod: {})", e);
+	if let Err(e) = restrict_permissions_owner(path, true, false) {
+		warn!(target: "network", "Failed to modify permissions of the file ({})", e);
 	}
 	if let Err(e) = file.write(&key.hex().into_bytes()) {
 		warn!("Error writing key file: {:?}", e);
diff --git a/util/src/path.rs b/util/src/path.rs
index 4cb0b413d..cbeec8a44 100644
--- a/util/src/path.rs
+++ b/util/src/path.rs
@@ -86,18 +86,15 @@ pub mod ethereum {
 }
 
 /// Restricts the permissions of given path only to the owner.
-#[cfg(not(windows))]
-pub fn restrict_permissions_owner(file_path: &Path) -> Result<(), i32>  {
-	let cstr = ::std::ffi::CString::new(file_path.to_str().unwrap()).unwrap();
-	match unsafe { ::libc::chmod(cstr.as_ptr(), ::libc::S_IWUSR | ::libc::S_IRUSR) } {
-		0 => Ok(()),
-		x => Err(x),
-	}
+#[cfg(unix)]
+pub fn restrict_permissions_owner(file_path: &Path, write: bool, executable: bool) -> Result<(), String>  {
+	let perms = ::std::os::unix::fs::PermissionsExt::from_mode(0o400 + write as u32 * 0o200 + executable as u32 * 0o100);
+	::std::fs::set_permissions(file_path, perms).map_err(|e| format!("{:?}", e))
 }
 
 /// Restricts the permissions of given path only to the owner.
-#[cfg(windows)]
-pub fn restrict_permissions_owner(_file_path: &Path) -> Result<(), i32>  {
+#[cfg(not(unix))]
+pub fn restrict_permissions_owner(_file_path: &Path) -> Result<(), String>  {
 	//TODO: implement me
 	Ok(())
 }