diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java index 0d5f2c797d0..85b7e7f38f3 100644 --- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java +++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java @@ -86,6 +86,9 @@ public class FileUserPasswdStore extends AbstractComponent implements UserPasswd * empty map is returned */ public static ImmutableMap parseFile(Path path, @Nullable ESLogger logger) { + if (logger != null) { + logger.trace("Reading users file located at [{}]", path); + } if (!Files.exists(path)) { return ImmutableMap.of(); } diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java index 4e784a5266e..ea08e509fc8 100644 --- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java +++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java @@ -79,6 +79,10 @@ public class FileUserRolesStore extends AbstractComponent implements UserRolesSt * an empty map is returned */ public static ImmutableMap parseFile(Path path, @Nullable ESLogger logger) { + if (logger != null) { + logger.trace("Reading users roles file located at [{}]", path); + } + if (!Files.exists(path)) { return ImmutableMap.of(); } diff --git a/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java b/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java index 26e066feefc..1aa8d4d9b58 100644 --- a/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java +++ b/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java 
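Review bot: A missing users file still returns an empty map with nothing logged, because the new `logger.trace` call in `FileUserPasswdStore.parseFile` sits before the `!Files.exists(path)` check and that branch only returns. For a credentials store this presumably means no file-based user can authenticate, and an operator should be able to see that without enabling trace logging. I would log inside the existence branch, for example `if (logger != null) { logger.warn("users file [{}] does not exist, no users will be loaded", path); }`. The same applies to the `parseFile` hunks in FileUserRolesStore and FileRolesStore. The body of `parseFile` continues outside the hunk, so any later handling of unreadable files is not visible here.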
@@ -12,6 +12,7 @@ import org.elasticsearch.common.collect.ImmutableSet; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.jackson.dataformat.yaml.snakeyaml.error.YAMLException; +import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -20,6 +21,7 @@ import org.elasticsearch.common.xcontent.yaml.YamlXContent; import org.elasticsearch.env.Environment; import org.elasticsearch.shield.authz.Permission; import org.elasticsearch.shield.authz.Privilege; +import org.elasticsearch.shield.plugin.SecurityPlugin; import org.elasticsearch.watcher.FileChangesListener; import org.elasticsearch.watcher.FileWatcher; import org.elasticsearch.watcher.ResourceWatcherService; @@ -57,7 +59,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore { public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) { super(settings); file = resolveFile(componentSettings, env); - permissions = parseFile(file); + permissions = parseFile(file, logger); FileWatcher watcher = new FileWatcher(file.getParent().toFile()); watcher.addListener(new FileListener()); watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH); 
@@ -72,12 +74,18 @@ public class FileRolesStore extends AbstractComponent implements RolesStore { public static Path resolveFile(Settings settings, Environment env) { String location = settings.get("files.roles"); if (location == null) { - return env.configFile().toPath().resolve(".roles.yml"); + File shieldDirectory = new File(env.configFile(), SecurityPlugin.NAME); + return shieldDirectory.toPath().resolve(".roles.yml"); } + return Paths.get(location); } - public static ImmutableMap parseFile(Path path) { + public static ImmutableMap parseFile(Path path, ESLogger logger) { + if (logger != null) { + logger.trace("Reading roles file located at [{}]", path); + } + if (!Files.exists(path)) { return ImmutableMap.of(); } @@ -218,7 +226,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore { @Override public void onFileChanged(File file) { if (file.equals(FileRolesStore.this.file.toFile())) { - permissions = parseFile(file.toPath()); + permissions = parseFile(file.toPath(), logger); listener.onRefresh(); } } diff --git a/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java index 09c7c7bc92f..961a3d0456a 100644 --- a/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java +++ b/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java @@ -42,7 +42,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase { @Test public void testParseFile() throws Exception { Path path = Paths.get(getClass().getResource("roles.yml").toURI()); - Map roles = FileRolesStore.parseFile(path); + Map roles = FileRolesStore.parseFile(path, logger); assertThat(roles, notNullValue()); assertThat(roles.size(), is(3)); 
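Review bot: `resolveFile` now defaults to `.roles.yml` under the `SecurityPlugin.NAME` directory with no check of the previous `config/.roles.yml` location, and `parseFile` returns an empty map when the file is absent, so a roles file left at the old default would apparently be ignored and no roles loaded. The default branch deserves a comment such as `// default moved from <config>/.roles.yml to <config>/<SecurityPlugin.NAME>/.roles.yml`, and none of the test hunks shown covers the new default path. Separately, `parseFile(Path path, ESLogger logger)` null-checks `logger` but does not declare it `@Nullable ESLogger logger` as the two esusers stores do; adding it needs the annotation's import if the file lacks one. `parseFile` continues past the end of the hunk.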
@@ -155,7 +155,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase { public void testThatEmptyFileDoesNotResultInLoop() throws Exception { File file = tempFolder.newFile(); com.google.common.io.Files.write("#".getBytes(Charsets.UTF_8), file); - Map roles = FileRolesStore.parseFile(file.toPath()); + Map roles = FileRolesStore.parseFile(file.toPath(), logger); assertThat(roles.keySet(), is(empty())); } @@ -163,6 +163,6 @@ public class FileRolesStoreTests extends ElasticsearchTestCase { public void testThatInvalidYAMLThrowsElasticsearchException() throws Exception { File file = tempFolder.newFile(); com.google.common.io.Files.write("user: cluster: ALL indices: '.*': ALL".getBytes(Charsets.UTF_8), file); - FileRolesStore.parseFile(file.toPath()); + FileRolesStore.parseFile(file.toPath(), logger); } }