diff --git a/tasks/php-fpm.yml b/tasks/php-fpm.yml
index aeef4c1619ec3cfdf434edf9c0fbb6d824495052..20afac56f944287235f18436a32d27332c37d2ff 100644
--- a/tasks/php-fpm.yml
+++ b/tasks/php-fpm.yml
@@ -74,3 +74,10 @@
     mode: 0644
   notify:
   - restart php-fpm
+
+- name: patch logrotate to fix permissions
+  lineinfile:
+    path: "/etc/logrotate.d/php{{ php_version }}-fpm"
+    regexp: '^create 0640 root adm'
+    insertafter: '/var/log/php7.3-fpm.log {'
+    line: "create 0640 root adm"