diff --git a/roles/matrix-conduit/defaults/main.yml b/roles/matrix-conduit/defaults/main.yml
index 05746651..f71f6f10 100644
--- a/roles/matrix-conduit/defaults/main.yml
+++ b/roles/matrix-conduit/defaults/main.yml
@@ -10,8 +10,8 @@ matrix_conduit_docker_image_tag: "v0.4.0"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
 
 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"
-matrix_conduit_config_dir_path: "{{ matrix_conduit_base_path }}/config"
-matrix_conduit_data_dir_path: "{{ matrix_conduit_base_path }}/storage"
+matrix_conduit_config_path: "{{ matrix_conduit_base_path }}/config"
+matrix_conduit_data_path: "{{ matrix_conduit_base_path }}/storage"
 
 matrix_conduit_port_number: 6167
 
diff --git a/roles/matrix-conduit/tasks/conduit/setup_install.yml b/roles/matrix-conduit/tasks/conduit/setup_install.yml
index 9fd933c7..5611e3e3 100644
--- a/roles/matrix-conduit/tasks/conduit/setup_install.yml
+++ b/roles/matrix-conduit/tasks/conduit/setup_install.yml
@@ -13,7 +13,7 @@
 - name: Ensure Conduit configuration installed
   template:
     src: "{{ role_path }}/templates/conduit/conduit.toml.j2"
-    dest: "{{ matrix_conduit_config_dir_path }}/conduit.toml"
+    dest: "{{ matrix_conduit_config_path }}/conduit.toml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
diff --git a/roles/matrix-conduit/tasks/setup_conduit.yml b/roles/matrix-conduit/tasks/setup_conduit.yml
index 7979aee4..17738b17 100644
--- a/roles/matrix-conduit/tasks/setup_conduit.yml
+++ b/roles/matrix-conduit/tasks/setup_conduit.yml
@@ -7,8 +7,20 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   with_items:
-    - {path: "{{ matrix_conduit_config_dir_path }}", when: true}
-    - {path: "{{ matrix_conduit_data_dir_path }}", when: true}
+    - {path: "{{ matrix_conduit_config_path }}", when: true}
+    - {path: "{{ matrix_conduit_data_path }}", when: true}
   when: "matrix_conduit_enabled|bool and item.when"
 
+# We do this as a separate task, because:
+# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is)
+# - matrix-postgres does something similar
+- name: Ensure Conduit data path ownership is correct
+  file:
+    path: "{{ matrix_conduit_data_path }}"
+    state: directory
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    recurse: true
+  when: matrix_conduit_enabled|bool
+
 - import_tasks: "{{ role_path }}/tasks/conduit/setup.yml"
diff --git a/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 b/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
index 2d4d2453..51b204f6 100644
--- a/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
+++ b/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
@@ -20,8 +20,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-conduit \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduit_tmp_directory_size_mb }}m \
 			--network={{ matrix_docker_network }} \
 			--env CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml \
-			--mount type=bind,src={{ matrix_conduit_data_dir_path }},dst=/var/lib/matrix-conduit \
-			--mount type=bind,src={{ matrix_conduit_config_dir_path }},dst=/etc/matrix-conduit,ro \
+			--mount type=bind,src={{ matrix_conduit_data_path }},dst=/var/lib/matrix-conduit \
+			--mount type=bind,src={{ matrix_conduit_config_path }},dst=/etc/matrix-conduit,ro \
 			{% for arg in matrix_conduit_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}