diff --git a/.perlcriticrc b/.perlcriticrc
new file mode 100644
index 000000000..ece5bc27b
--- /dev/null
+++ b/.perlcriticrc
@@ -0,0 +1,6 @@
+severity = 5
+
+# Octal file permission literals (0700, 0640, etc.) are the standard Perl
+# idiom for chmod/mkdir/permission helpers throughout this codebase. The
+# policy flags chmod 0700 itself, so it is too coarse for our use.
+[-ValuesAndExpressions::ProhibitLeadingZeros]
diff --git a/acl/forgot_send.cgi b/acl/forgot_send.cgi
index b9fec901a..d9cb48442 100755
--- a/acl/forgot_send.cgi
+++ b/acl/forgot_send.cgi
@@ -37,7 +37,7 @@ my %link = ( 'id' => &generate_random_id(),
 	     'user' => $wuser->{'name'},
 	     'uuser' => $unixuser, );
 $link{'id'} || &error($text{'forgot_erandom'});
-&make_dir($main::forgot_password_link_dir, 0700);    ## no critic (ProhibitLeadingZeros)
+&make_dir($main::forgot_password_link_dir, 0700);
 my $linkfile = $main::forgot_password_link_dir."/".$link{'id'};
 &lock_file($linkfile);
 &write_file($linkfile, \%link);
diff --git a/acl/save_acl.cgi b/acl/save_acl.cgi
index c659a75e8..6b13fddf3 100755
--- a/acl/save_acl.cgi
+++ b/acl/save_acl.cgi
@@ -73,7 +73,7 @@ else {
 		&save_module_acl(\%maccess, $in{'_acl_user'},
 				 $in{'_acl_mod'},1);
 		}
-	&set_ownership_permissions(undef, undef, 0640, $aclfile);    ## no critic (ProhibitLeadingZeros)
+	&set_ownership_permissions(undef, undef, 0640, $aclfile);
 	&unlock_file($aclfile);
 
 	if ($in{'_acl_group'}) {
diff --git a/acl/save_group.cgi b/acl/save_group.cgi
index a46b3cd03..7377d1ae9 100755
--- a/acl/save_group.cgi
+++ b/acl/save_group.cgi
@@ -131,7 +131,7 @@ if ($in{'old'} && $in{'acl_security_form'}) {
 	my $aclfile = "$config_directory/$in{'name'}.gacl";
 	&lock_file($aclfile);
 	&save_group_module_acl(\%uaccess, $in{'name'}, "", 1);
-	&set_ownership_permissions(undef, undef, 0640, $aclfile);    ## no critic (ProhibitLeadingZeros)
+	&set_ownership_permissions(undef, undef, 0640, $aclfile);
 	&unlock_file($aclfile);
 	}
 
diff --git a/acl/save_user.cgi b/acl/save_user.cgi
index 7decdca5a..4c688aa1f 100755
--- a/acl/save_user.cgi
+++ b/acl/save_user.cgi
@@ -378,7 +378,7 @@ if ($in{'acl_security_form'} && !$newgroup && !$in{'safe'}) {
 	$uaccess{'rpc'} = $in{'rpc'};
 	&lock_file($aclfile);
 	&save_module_acl(\%uaccess, $in{'name'}, "", 1);
-	&set_ownership_permissions(undef, undef, 0640, $aclfile);    ## no critic (ProhibitLeadingZeros)
+	&set_ownership_permissions(undef, undef, 0640, $aclfile);
 	&unlock_file($aclfile);
 	}
 
diff --git a/acl/t/perlcritic.t b/acl/t/perlcritic.t
index e1244d598..cc657b1c0 100644
--- a/acl/t/perlcritic.t
+++ b/acl/t/perlcritic.t
@@ -51,8 +51,7 @@ if (!@files) {
 }
 
 my $critic = Perl::Critic->new(
-    -severity => 5,
-    -profile => '',
+    -profile => "$bindir/../../.perlcriticrc",
 );
 
 foreach my $file (@files) {
diff --git a/nftables/t/perlcritic.t b/nftables/t/perlcritic.t
index b1b91c3af..57283f16f 100644
--- a/nftables/t/perlcritic.t
+++ b/nftables/t/perlcritic.t
@@ -46,8 +46,7 @@ if (!@files) {
 }
 
 my $critic = Perl::Critic->new(
-    -severity => 5,
-    -profile => '',
+    -profile => "$bindir/../../.perlcriticrc",
 );
 
 foreach my $file (@files) {