diff --git a/internal/server/instance/drivers/driver_lxc.go b/internal/server/instance/drivers/driver_lxc.go
index 8cde1d20a30..8de0f0d8cf1 100644
--- a/internal/server/instance/drivers/driver_lxc.go
+++ b/internal/server/instance/drivers/driver_lxc.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"io/fs"
 	"net"
 	"net/http"
 	"os"
@@ -6623,6 +6624,43 @@ func (d *lxc) templateApplyNow(trigger instance.TemplateTrigger) error {
 					return fmt.Errorf("Failed to create template file: %w", err)
 				}
 			} else {
+				// UID and GID
+				fileUID := int64(0)
+				fileGID := int64(0)
+
+				if tpl.UID != "" {
+					id, err := strconv.ParseInt(tpl.UID, 10, 64)
+					if err != nil {
+						return fmt.Errorf("Bad file UID %q for %q: %w", tpl.UID, tplPath, err)
+					}
+
+					fileUID = id
+				}
+
+				if tpl.GID != "" {
+					id, err := strconv.ParseInt(tpl.GID, 10, 64)
+					if err != nil {
+						return fmt.Errorf("Bad file GID %q for %q: %w", tpl.GID, tplPath, err)
+					}
+
+					fileGID = id
+				}
+
+				if idmapset != nil {
+					fileUID, fileGID = idmapset.ShiftIntoNS(fileUID, fileGID)
+				}
+
+				// Mode
+				fileMode := fs.FileMode(0644)
+				if tpl.Mode != "" {
+					mode, err := strconv.ParseInt(tpl.Mode, 0, 0)
+					if err != nil {
+						return fmt.Errorf("Bad mode %q for %q: %w", tpl.Mode, tplPath, err)
+					}
+
+					fileMode = os.FileMode(mode) & os.ModePerm
+				}
+
 				// Create the directories leading to the file
 				err = internalUtil.MkdirAllOwner(path.Dir(fullpath), 0755, int(rootUID), int(rootGID))
 				if err != nil {
@@ -6636,12 +6674,12 @@ func (d *lxc) templateApplyNow(trigger instance.TemplateTrigger) error {
 				}
 
 				// Fix ownership and mode
-				err = w.Chown(int(rootUID), int(rootGID))
+				err = w.Chown(int(fileUID), int(fileGID))
 				if err != nil {
 					return err
 				}
 
-				err = w.Chmod(0644)
+				err = w.Chmod(fileMode)
 				if err != nil {
 					return err
 				}