diff --git a/Documentation/op-guide/security.md b/Documentation/op-guide/security.md
index c4cb883e9a9c..2750f399992d 100644
--- a/Documentation/op-guide/security.md
+++ b/Documentation/op-guide/security.md
@@ -431,6 +431,9 @@ No. etcd doesn't encrypt key/value data stored on disk drives. If a user need to
 * Let client applications encrypt and decrypt the data
 * Use a feature of underlying storage systems for encrypting stored data like [dm-crypt]
 
+### I’m seeing a log warning that "directory X exist without desired file permission -rwx------"
+When etcd create certain new directories it sets file permission to 700 to prevent unprivileged access as possible. However, if user has already created a directory with own preference, different than 700, etcd uses the existing directory and logs the warning message.
+
 [cfssl]: https://github.com/cloudflare/cfssl
 [tls-setup]: ../../hack/tls-setup
 [tls-guide]: https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md
diff --git a/pkg/fileutil/fileutil.go b/pkg/fileutil/fileutil.go
index 01030b213a4f..27f15aaebcee 100644
--- a/pkg/fileutil/fileutil.go
+++ b/pkg/fileutil/fileutil.go
@@ -20,6 +20,8 @@ import (
 "io/ioutil"
 "os"
 "path/filepath"
+
+ "go.uber.org/zap"
 )
 
 const (
@@ -45,7 +47,11 @@ func TouchDirAll(dir string) error {
 if Exist(dir) {
 err := CheckDirPermission(dir, PrivateDirMode)
 if err != nil {
- return err
+ lg, _ := zap.NewProduction()
+ if lg == nil {
+ lg = zap.NewExample()
+ }
+ lg.Warn("check file permission", zap.Error(err))
 }
 } else {
 err := os.MkdirAll(dir, PrivateDirMode)
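Review bot: The `lg, _ := zap.NewProduction()` line in the TouchDirAll hunk discards the constructor's error and then guards on `lg == nil`, which is the very case that discarded error would have reported, and it builds a fresh logger on every call instead of reusing the logger the process already configured. Because the permission check on an existing directory is now advisory rather than fatal, this warning is the operator's only signal that a data or WAL directory is more permissive than PrivateDirMode, so it should name the path as a structured field rather than relying on the error text alone: `lg.Warn("check file permission", zap.String("dir", dir), zap.Error(err))`. A package-level logger, or a TouchDirAll variant that accepts a `*zap.Logger`, would avoid constructing one per call and keep pkg/fileutil from hard-coding zap's default output; the added import in the earlier hunk is the same concern. TouchDirAll's body continues past the end of the hunk.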