diff --git a/build.sh b/build.sh
index 66213a50..e1d4cd31 100755
--- a/build.sh
+++ b/build.sh
@@ -883,7 +883,10 @@ install_colibri_service() {
 /var/db/colibri \
 /var/run/colibri \
 /var/log/colibri
- chmod 0755 \
+ # 0750 matches the rc.d prestart (install -d -m 0750); the daemon dirs hold
+ # the SQLite DB and logs and should not be world-readable. The operator
+ # reaches them via the colibri group, not "other".
+ chmod 0750 \
 "${MOUNT_POINT}/var/db/colibri" \
 "${MOUNT_POINT}/var/run/colibri" \
 "${MOUNT_POINT}/var/log/colibri"
@@ -902,7 +905,7 @@ install_colibri_service() {
 set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_db_path="/var/db/colibri/colibri.sqlite"'
 set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_logfile="/var/log/colibri/daemon.log"'
 set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_provider_env="/usr/local/etc/colibri/provider.env"'
- set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_host="$(hostname)"'
+ set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_host="$(/bin/hostname)"'
 set_config_line "${MOUNT_POINT}/etc/rc.conf" "colibri_daemon_cost_mode=\"${COLIBRI_COST_MODE:-smart}\""
 if [ ! -x "${MOUNT_POINT}/usr/local/bin/colibri-daemon" ] || \
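Review bot: The comment added above `chmod 0750` relies on the three directories being group-owned by colibri, but nothing in this hunk sets or checks ownership. If they still carry the build-time default owner and group at this point, 0750 shuts out the daemon account and the operator as well, not only "other". install_colibri_service starts and ends outside the hunk, so the ownership step may exist elsewhere; if it does, name it in the comment, e.g. `# relies on group colibri owning these dirs (set in <where>)`. It is also worth confirming that no account outside the colibri group has to traverse /var/run/colibri for a pidfile or socket, since that directory now gets the same mode as the DB and log directories.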
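Review bot: The value written by the `colibri_daemon_host` line is still a command substitution stored literally in rc.conf, so it runs every time that file is sourced, not only when the colibri service starts. The absolute path removes the PATH dependence, but the result still depends on whether the hostname has been set by the time the file is read. Consider leaving the key out of rc.conf and defaulting it in the rc.d script instead, e.g. `: ${colibri_daemon_host:="$(/bin/hostname)"}`, presumably next to the other colibri_daemon_* defaults. A one-line comment above the set_config_line call, such as `# single-quoted on purpose: expanded when rc.conf is sourced, not at image build time`, would help either way. The enclosing function continues past the hunk.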