diff --git a/src/libeis-socket.c b/src/libeis-socket.c
index c743836..888c955 100644
--- a/src/libeis-socket.c
+++ b/src/libeis-socket.c
@@ -181,6 +181,10 @@ eis_setup_backend_socket(struct eis *eis, const char *socketpath)
 	if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
 		return -errno;
 
+	/* Restrict socket to owner-only access regardless of umask */
+	if (fchmod(sockfd, S_IRUSR | S_IWUSR) == -1)
+		return -errno;
+
 	if (listen(sockfd, 2) == -1)
 		return -errno;