diff -Nur e-smith-base-5.8.0.old/root/etc/e-smith/events/actions/init-accounts e-smith-base-5.8.0/root/etc/e-smith/events/actions/init-accounts
--- e-smith-base-5.8.0.old/root/etc/e-smith/events/actions/init-accounts	2021-01-06 14:12:53.847000000 -0500
+++ e-smith-base-5.8.0/root/etc/e-smith/events/actions/init-accounts	2021-01-06 14:15:58.530000000 -0500
@@ -61,16 +61,18 @@
 # fix permissions for www and apache
 # horde does not use www / apache anymore
 #warn "failed to fix permissions for www" unless (
-#     system("/bin/rpm --setugids --setperms horde 2> /dev/null") == 0
+#     system("/bin/rpm --setugids horde 2> /dev/null") == 0
+#     );
+#     system("/bin/rpm --setperms horde 2> /dev/null") == 0
 #     );
 
-warn "failed to fix permissions for apache" unless (
-     system("/bin/rpm --setperms httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
-     );
+#order is essential there: --setugids then --setperms, or suid guid perms will be lost
 warn "failed to fix user group ids for apache" unless (
      system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
      );
-
+warn "failed to fix permissions for apache" unless (
+     system("/bin/rpm --setperms httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
+     );
 
 # delete unwanted user accounts
 foreach my $user (qw(halt shutdown sync))