diff --git a/manifests/params.pp b/manifests/params.pp index e90accc78..4092882ee 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -103,6 +103,7 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $perl_package_name = 'perl-DBD-MySQL' $php_package_name = 'php-mysql' @@ -172,6 +173,7 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = 'mysql-connector-java' $perl_package_name = 'perl-DBD-mysql' @@ -220,6 +222,8 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = ['tmpdir','basedir','datadir','innodb_data_home_dir','innodb_log_group_home_dir','innodb_undo_directory','innodb_tmpdir'] + # mysql::bindings if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') >= 0 { $java_package_name = 'libmariadb-java' @@ -267,6 +271,7 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = 'mysql-connector-java' $perl_package_name = 'perl-dbd-mysql' @@ -294,6 +299,7 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = 'dev-java/jdbc-mysql' $perl_package_name = 'dev-perl/DBD-mysql' @@ -321,6 +327,7 @@ $ssl_cert = undef $ssl_key = undef $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = 'databases/mysql-connector-java' $perl_package_name = 'p5-DBD-mysql' @@ -351,6 +358,7 @@ $ssl_cert = undef $ssl_key = undef $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = undef $perl_package_name = 'p5-DBD-mysql' 
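Review bot: The Debian default for `$managed_dirs` (hunk at new line 222) is a list of mysqld option names rather than paths, and nothing in params.pp says so or says what is done with them. A comment above the assignment would help, e.g. `# mysqld options whose directories are pre-created before install and set to 0700 for the service account afterwards`. Listing `tmpdir` (default '/tmp' in this same block) and `basedir` means shared system directories enter the set by default, and the consuming classes then have to exclude them by literal string comparison. Leaving those two out of the default would remove that dependency.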
@@ -377,6 +385,7 @@ $ssl_cert = undef $ssl_key = undef $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = undef $perl_package_name = undef @@ -408,6 +417,7 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = undef $java_package_name = undef $perl_package_name = 'perl-dbd-mysql' $php_package_name = 'php7-mysqlnd' @@ -435,6 +445,7 @@ $ssl_cert = '/etc/mysql/server-cert.pem' $ssl_key = '/etc/mysql/server-key.pem' $tmpdir = '/tmp' + $managed_dirs = undef # mysql::bindings $java_package_name = 'mysql-connector-java' $perl_package_name = 'perl-DBD-MySQL' diff --git a/manifests/server.pp b/manifests/server.pp index 77f44b972..8c8a30f1c 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -141,7 +141,7 @@ include '::mysql::server::config' include '::mysql::server::install' - include '::mysql::server::binarylog' + include '::mysql::server::managed_dirs' include '::mysql::server::installdb' include '::mysql::server::service' include '::mysql::server::root_password' @@ -164,7 +164,7 @@ Anchor['mysql::server::start'] -> Class['mysql::server::config'] -> Class['mysql::server::install'] - -> Class['mysql::server::binarylog'] + -> Class['mysql::server::managed_dirs'] -> Class['mysql::server::installdb'] -> Class['mysql::server::service'] -> Class['mysql::server::root_password'] diff --git a/manifests/server/binarylog.pp b/manifests/server/binarylog.pp deleted file mode 100644 index 0c5eec077..000000000 --- a/manifests/server/binarylog.pp +++ /dev/null 
@@ -1,26 +0,0 @@ -# @summary -# Binary log configuration requires the mysql user to be present. This must be done after package install -# -# @api private -# -class mysql::server::binarylog { - - $options = $mysql::server::_options - $includedir = $mysql::server::includedir - - $logbin = pick($options['mysqld']['log-bin'], $options['mysqld']['log_bin'], false) - - if $logbin { - $logbindir = dirname($logbin) - - #Stop puppet from managing directory if just a filename/prefix is specified - if $logbindir != '.' { - file { $logbindir: - ensure => directory, - mode => '0755', - owner => $options['mysqld']['user'], - group => $options['mysqld']['user'], - } - } - } -} diff --git a/manifests/server/config.pp b/manifests/server/config.pp index a37e7bba8..3082cd4ff 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -7,6 +7,8 @@ $options = $mysql::server::_options $includedir = $mysql::server::includedir + $managed_dirs = $mysql::server::managed_dirs + File { owner => 'root', @@ -33,6 +35,24 @@ } } + #Debian: Creating world readable directories before installing. + if $managed_dirs { + $managed_dirs.each | $entry | { + $dir = $options['mysqld']["${entry}"] + if ( $dir and $dir != '/usr' and $dir != '/tmp' ) { + exec {"${entry}-managed_dir-mkdir": + command => "/bin/mkdir -p ${dir}", + unless => "/usr/bin/dpkg -s ${mysql::server::package_name}", + notify => Exec["${entry}-managed_dir-chmod"], + } + exec {"${entry}-managed_dir-chmod": + command => "/bin/chmod 777 ${dir}", + refreshonly => true, + } + } + } + } + if $mysql::server::manage_config_file { file { 'mysql-config-file': path => $mysql::server::config_file, diff --git a/manifests/server/managed_dirs.pp b/manifests/server/managed_dirs.pp new file mode 100644 index 000000000..c82a59220 --- /dev/null +++ b/manifests/server/managed_dirs.pp 
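Review bot: In the second config.pp hunk, the `chmod 777` exec leaves every configured directory (datadir, the InnoDB directories) world-writable until `mysql::server::managed_dirs` sets `0700` after the package install, and a run that fails in between would leave it that way. The later `file` resource has no `recurse`, so it tightens only the directory itself, not anything created inside it during that window. The comment says "world readable", which understates this; if the mode has to stay, it should read something like `#Debian: directories are 0777 until mysql::server::managed_dirs sets 0700 after install`, and a narrower mode is preferable if the package scripts can work with one. `${dir}` is also interpolated unquoted into both command strings and is checked only against the literals '/usr' and '/tmp', so a value such as `/tmp/` or one containing whitespace passes. Validating it first (for example `$dir =~ Stdlib::Absolutepath`) and comparing a normalised path would be safer.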
@@ -0,0 +1,44 @@
+# @summary
+# Binary log configuration requires the mysql user to be present. This must be done after package install
+#
+# @api private
+#
+class mysql::server::managed_dirs {
+
+ $options = $mysql::server::_options
+ $includedir = $mysql::server::includedir
+ $managed_dirs = $mysql::server::managed_dirs
+
+ #Debian: Fix permission on directories
+ if $managed_dirs {
+ $managed_dirs_path = $managed_dirs.map |$path| { $options['mysqld']["${path}"] }
+ $managed_dirs.each | $entry | {
+ $dir = $options['mysqld']["${entry}"]
+ if ( $dir and $dir != '/usr' and $dir != '/tmp' ) {
+ file {"${entry}-managed_dir":
+ ensure => directory,
+ path => $dir,
+ mode => '0700',
+ owner => $options['mysqld']['user'],
+ group => $options['mysqld']['user'],
+ }
+ }
+ }
+ }
+
+ $logbin = pick($options['mysqld']['log-bin'], $options['mysqld']['log_bin'], false)
+
+ if $logbin {
+ $logbindir = dirname($logbin)
+
+ #Stop puppet from managing directory if just a filename/prefix is specified or is not already managed
+ if ($logbindir != '.' and !($logbindir in $managed_dirs_path)) {
+ file { $logbindir:
+ ensure => directory,
+ mode => '0700',
+ owner => $options['mysqld']['user'],
+ group => $options['mysqld']['user'],
+ }
+ }
+ }
+}
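Review bot: `$managed_dirs_path` is assigned only inside `if $managed_dirs`, yet the log-bin check `!($logbindir in $managed_dirs_path)` reads it on every platform, and params.pp sets `$managed_dirs = undef` for everything except the Debian family; there the variable is never set, which is an error when strict_variables is enabled. Closing the first block with `} else { $managed_dirs_path = [] }` keeps the check well defined. The guard on `$dir` excludes only the exact strings '/usr' and '/tmp', so a `basedir` or `tmpdir` written as `/usr/` or pointing at another shared directory would be handed to the service account with mode `0700`; normalising the path and refusing known system directories would be safer. Two options that resolve to the same directory (for instance `innodb_data_home_dir` equal to `datadir`) would presumably declare the same `path` twice and fail the catalog. The `@summary` text is still the binary-log wording from binarylog.pp and should also describe the managed directories.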