diff --git a/cli/tests/unit/test_task.py b/cli/tests/unit/test_task.py
index f39d158..7e0aa64 100644
--- a/cli/tests/unit/test_task.py
+++ b/cli/tests/unit/test_task.py
@@ -25,7 +25,6 @@ def test_log_master_unavailable(config_mock):
 def test_log_no_tasks():
 """ Test slave's state.json being unavailable """
 with patch('dcos.mesos.DCOSClient.get_master_state', return_value={}), \
- patch('dcos.mesos.DCOSClient.get_master_state', return_value={}), \
 patch('dcos.mesos.Master.tasks', return_value={}):
 stderr = b"""No matching tasks. Exiting.\n"""
diff --git a/dcos/config.py b/dcos/config.py
index ff172dd..86aa2a5 100644
--- a/dcos/config.py
+++ b/dcos/config.py
@@ -2,6 +2,7 @@ import collections
 import copy
 import json
 import os
+import stat
 import pkg_resources
 import toml
@@ -152,6 +153,21 @@ def set_val(name, value):
 return toml_config, msg
+def _enforce_config_permissions(path):
+ """Enfore 600 permissions on config file
+
+ :param path: Path to the TOML file
+ :type path: str
+ :rtype: None
+ """
+ permissions = oct(stat.S_IMODE(os.lstat(path).st_mode))
+ if permissions not in ['0o600', '0600']:
+ msg = ("Permissions '{}' for configuration file '{}' are too open. "
+ "File must only be accessible by owner. "
+ "Aborting...".format(permissions, path))
+ raise DCOSException(msg)
+
+
 def load_from_path(path, mutable=False):
 """Loads a TOML file from the path
@@ -164,6 +180,7 @@ def load_from_path(path, mutable=False):
 """
 util.ensure_file_exists(path)
+ _enforce_config_permissions(path)
 with util.open_file(path, 'r') as config_file:
 try:
 toml_obj = toml.loads(config_file.read())
@@ -181,6 +198,7 @@ def save(toml_config):
 serial = toml.dumps(toml_config._dictionary)
 path = get_config_path()
+ _enforce_config_permissions(path)
 with util.open_file(path, 'w') as config_file:
 config_file.write(serial)
diff --git a/dcos/util.py b/dcos/util.py
index f96e859..14ea0db 100644
--- a/dcos/util.py
+++ b/dcos/util.py
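Review bot: In dcos/config.py, `_enforce_config_permissions` compares the text of `oct(...)` with `['0o600', '0600']` and reads the mode with `os.lstat`, so the check depends on the interpreter's octal formatting and, for a symlinked config, tests the link's own mode rather than the file that `util.open_file` then opens. Comparing integers on the resolved file is sturdier: `mode = stat.S_IMODE(os.stat(path).st_mode)` followed by `if mode & 0o077:` rejects any group or other access while still accepting a stricter owner-only mode such as 0o400. The message promises the file is only accessible by its owner, but nothing compares `st_uid` with the current user; if that guarantee matters, the same stat result can be checked for it. The docstring's first word should read `Enforce`.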
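Review bot: In `load_from_path` (dcos/config.py), the new call turns every config file that already exists with a wider mode into a hard failure, and the error text gives no way out. Files written by earlier releases were presumably created under the user's umask (often 0644), so the first run after upgrading is likely to abort; appending the remedy to the message, e.g. `"Run 'chmod 600 {}' to fix."`, would make that recoverable. On Windows `st_mode` never reports 0o600 (files show 0o666 or 0o444), so if the CLI is meant to run there the helper needs an early return for that platform. The check is also made on the path before the file is reopened by name; checking `os.fstat(config_file.fileno())` inside the `with` block would tie it to the handle actually read, assuming `util.open_file` yields a regular file object. The function body starts and ends outside this hunk.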
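Review bot: In `save` (dcos/config.py), `_enforce_config_permissions(path)` runs without a preceding `util.ensure_file_exists(path)` in the visible lines, so a missing config file makes `os.lstat` raise `OSError` instead of a `DCOSException`. `load_from_path` creates the file first; doing the same here (`util.ensure_file_exists(path)` before the check), or catching `OSError` around the `lstat` call and re-raising it as `DCOSException`, keeps the failure in the CLI's own error type. The start of `save` is outside the hunk, so confirm no earlier line already guarantees the file exists.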
@@ -146,6 +146,7 @@ def ensure_file_exists(path):
 if not os.path.exists(path):
 try:
 open(path, 'w').close()
+ os.chmod(path, 0o600)
 except IOError as e:
 raise DCOSException(
 'Cannot create file [{}]: {}'.format(path, e))
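Review bot: `open(path, 'w').close()` creates the file with umask-derived permissions and `os.chmod(path, 0o600)` narrows them only afterwards, leaving a short window in which a newly created config file may be group- or world-readable. Creating it with its final mode avoids that: `os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))`, where `O_EXCL` also refuses a path that appeared after the `os.path.exists` test. `os.chmod` and `os.open` raise `OSError`, which `except IOError` does not catch on Python 2 (the `'0600'` branch in dcos/config.py suggests Python 2 is still supported), so the handler should become `except (IOError, OSError) as e:`. `ensure_file_exists` begins outside the hunk.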