diff --git a/README.rst b/README.rst
index 820ccd8..9024076 100644
--- a/README.rst
+++ b/README.rst
@@ -35,7 +35,7 @@ Currently, only a handful of options can be set using the pillar:
 
 - Global
 
-  + stats: enable stats, curently only via a unix socket which can be set to a path
+  + stats: enable stats, curently only via a unix socket which can be set to a path with custom permissions
   + user: sets the user haproxy shall run as
   + group: sets the group haproxy shall run as
   + chroot: allows you to turn on chroot and set a directory
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
index 2411b4f..e16bccc 100644
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@@ -34,7 +34,7 @@ global
     daemon
 {%- endif %}
 {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
-    stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
+    stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
 {%- endif %}
 {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
     maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
diff --git a/pillar.example b/pillar.example
index 7d1d408..6bf81ce 100644
--- a/pillar.example
+++ b/pillar.example
@@ -10,6 +10,7 @@ haproxy:
     stats:
       enable: True
       socketpath: /var/lib/haproxy/stats
+      mode: 660
       level: admin
     ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
     ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"