diff --git a/defaults/main.yml b/defaults/main.yml
index b92cdd0..2bd3b9c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -115,3 +115,5 @@ outputfiles: /home/ali/ #Output dir of some command
 disable_autofs: true
 disable_usb: true
 install_apparmor: true
+# 6.2.7 Ensure users' dot files are not group or world accessible
+fix_dot_file_permissions: yes
diff --git a/tasks/section_6_System_Maintenance.yaml b/tasks/section_6_System_Maintenance.yaml
index 8d6e71b..fe8d9a5 100644
--- a/tasks/section_6_System_Maintenance.yaml
+++ b/tasks/section_6_System_Maintenance.yaml
@@ -366,7 +366,16 @@
 - name: 6.2.7 Ensure users' dot files are not group or world writable | save output
 copy:
 dest: "{{ outputfiles }}/6.2.7"
- content: "{{ output_6_2_7.stdout_lines }}"
+ content: "{{ output_6_2_7.stdout }}"
+ - name: 6.2.7 Ensure users' dot files are not group or world writable | correct file permissions
+ # files with go+w will be touched twice, as they figure twice in the filter result
+ file:
+ path: "{{ item.split()[-1] }}"
+ mode: g-w,o-w
+ with_items: "{{ output_6_2_7.stdout_lines }}"
+ when:
+ - fix_dot_file_permissions
+ - output_6_2_7.stdout
 tags:
 - section6
 - level_1_server
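Review bot: In defaults/main.yml the new flag is written `fix_dot_file_permissions: yes`, while the neighbouring defaults in the same hunk (`disable_autofs: true`, `disable_usb: true`) use `true`; write `fix_dot_file_permissions: true` so the file uses a single boolean spelling. The comment above it says "not group or world accessible", but the task this flag gates is named "... writable" and only applies `g-w,o-w`, so the comment should read `# 6.2.7 Ensure users' dot files are not group or world writable`. Because the default is on, the role changes permissions inside users' home directories unless the operator opts out, which is worth stating in that comment.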
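Review bot: In the new "correct file permissions" task in tasks/section_6_System_Maintenance.yaml, `path: "{{ item.split()[-1] }}"` takes the last whitespace-separated token of each output line, so a dot file whose name contains a space resolves to a different path than the one that was found, and those names are chosen by the users being audited. The task that registers `output_6_2_7` lies outside this hunk, so its output format is not visible here, but having it print only the path on each line and using `path: "{{ item }}"` would remove the parsing step. The `file` module also follows symlinks by default; adding `follow: false` keeps the mode change on the entry in the home directory rather than on its target. The bare `- output_6_2_7.stdout` condition relies on string truthiness; `- output_6_2_7.stdout | length > 0` states the intent explicitly.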