diff --git a/playbooks/roles/refstack/tasks/main.yaml b/playbooks/roles/refstack/tasks/main.yaml
index 938f28fc8e..5c7d4067bb 100644
--- a/playbooks/roles/refstack/tasks/main.yaml
+++ b/playbooks/roles/refstack/tasks/main.yaml
@@ -70,13 +70,14 @@
     group: root
     mode: 0755
 
+# NOTE(ianw) This deliberately does not set owner/group/mode, as the
+# mariadb container chowns this directory to be owned by a
+# container-internal user and drops root privileges.  We don't want to
+# reset this from outside the container.
 - name: Create refstack db storage area
   file:
     state: directory
     path: /var/lib/refstack/db
-    owner: root
-    group: root
-    mode: 0755
 
 - name: Copy hound robots.txt
   copy: