diff --git a/.changelog/24410.txt b/.changelog/24410.txt
new file mode 100644
index 00000000000..92d5913a558
--- /dev/null
+++ b/.changelog/24410.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+consul: Fixed a bug where non-root Nomad agents could not recreate a task's Consul token on task restart
+```
diff --git a/client/allocrunner/taskrunner/consul_hook.go b/client/allocrunner/taskrunner/consul_hook.go
index a6ecbadfc5b..e8b03cc766e 100644
--- a/client/allocrunner/taskrunner/consul_hook.go
+++ b/client/allocrunner/taskrunner/consul_hook.go
@@ -25,7 +25,7 @@ const (
 
 	// consulTokenFilePerms is the level of file permissions granted on the file in
 	// the secrets directory for the task
-	consulTokenFilePerms = 0440
+	consulTokenFilePerms = 0640
 )
 
 type consulHook struct {