diff --git a/README.md b/README.md
index 4968146..cc6fc65 100644
--- a/README.md
+++ b/README.md
@@ -329,4 +329,5 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **08.01.26:** - Improve permission fixing.
 * **31.10.25:** - Initial Release.
diff --git a/readme-vars.yml b/readme-vars.yml
index 812b784..fc280ab 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -74,4 +74,5 @@ init_diagram: |
   "sealskin:latest" <- Base Images
 # changelog
 changelogs:
+  - {date: "08.01.26:", desc: "Improve permission fixing."}
   - {date: "31.10.25:", desc: "Initial Release."}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-sealskin/run b/root/etc/s6-overlay/s6-rc.d/init-sealskin/run
index 1383ab0..831274f 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-sealskin/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-sealskin/run
@@ -1,26 +1,24 @@
 #!/usr/bin/with-contenv bash
 
+mkdir -p /config/ssl
+
 # create self signed cert
 if [ ! -f "/config/ssl/proxy_key.pem" ]; then
-  mkdir -p /config/ssl
   openssl req -new -x509 \
     -days 3650 -nodes \
     -out /config/ssl/proxy_cert.pem \
     -keyout /config/ssl/proxy_key.pem \
     -subj "/C=US/ST=CA/L=Carlsbad/O=Linuxserver.io/OU=LSIO Server/CN=*"
   chmod 600 /config/ssl/proxy_key.pem
-  chown -R abc:abc /config/ssl
 fi
 
 # generate server key
 if [ ! -f "/config/ssl/server_key.pem" ]; then
-  mkdir -p /config/ssl
   openssl genpkey \
     -algorithm RSA \
     -out /config/ssl/server_key.pem \
     -pkeyopt rsa_keygen_bits:4096
   chmod 600 /config/ssl/server_key.pem
-  chown -R abc:abc /config/ssl
 fi
 
 # docker socket perms
@@ -45,5 +43,6 @@ if [ -S "${DOCKER_SOCK_PATH}" ]; then
 fi
 
 # perms
-chown abc:abc /sealskin.zip
-chown abc:abc /storage
+lsiown abc:abc /sealskin.zip
+lsiown abc:abc /storage
+lsiown -R abc:abc /config
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-sealskin/run b/root/etc/s6-overlay/s6-rc.d/svc-sealskin/run
index dafb0e5..93c5c24 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-sealskin/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-sealskin/run
@@ -1,5 +1,7 @@
 #!/usr/bin/with-contenv bash
 
+cd /opt/sealskin/server
+
 # Run SealSkin
 exec s6-setuidgid abc \
-  bash -c 'cd /opt/sealskin/server && python3 main.py'
+  python3 main.py