diff --git a/changelog.d/20241121_111554_phil-FC-41917_fix-rabbitmq-cookie-logic_scriv.md b/changelog.d/20241121_111554_phil-FC-41917_fix-rabbitmq-cookie-logic_scriv.md
new file mode 100644
index 000000000..9f651ec01
--- /dev/null
+++ b/changelog.d/20241121_111554_phil-FC-41917_fix-rabbitmq-cookie-logic_scriv.md
@@ -0,0 +1,21 @@
+<!--
+
+A new changelog entry.
+
+Delete placeholder items that do not apply. Empty sections will be removed
+automatically during release.
+
+Leave the XX.XX as is: this is a placeholder and will be automatically filled
+correctly during the release and helps when backporting over multiple platform
+branches.
+
+-->
+
+### Impact
+
+
+### NixOS XX.XX platform
+
+- Fix permissions for some platform logic that creates a `.erlang.cookie` for rabbitmq which would previously cause a failure when starting the service.
+  The problem was caused due to insufficient write permissions when attempting to write the cookie after rabbitmq's first startup.
+  During first startup, rabbimq generates a random cookie, writes it to the appropriate file and sets that file to be read-only.
diff --git a/nixos/services/rabbitmq/default.nix b/nixos/services/rabbitmq/default.nix
index c5db55d42..62715dff6 100644
--- a/nixos/services/rabbitmq/default.nix
+++ b/nixos/services/rabbitmq/default.nix
@@ -226,8 +226,7 @@ in {
 
       preStart = ''
         ${optionalString (cfg.cookie != "") ''
-            echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
-            chmod 600 ${cfg.dataDir}/.erlang.cookie
+            install -m 400 <(echo -n ${cfg.cookie}) ${cfg.dataDir}/.erlang.cookie
         ''}
       '';
     };