diff --git a/bin/CryptoBoxRootActions b/bin/CryptoBoxRootActions
index 6c38f77..aa6d929 100755
--- a/bin/CryptoBoxRootActions
+++ b/bin/CryptoBoxRootActions
@@ -142,7 +142,7 @@ def call_event(args):
 def isWriteable(device, force_dev_type=None):
 	"""check if the calling user (not root!) has write access to the device/file
 
-	the real (not the effictive) user id is used for the check
+	the real (not the effective) user id is used for the check
 	additionally the permissions of the default groups of the real uid are checked
 	this check works nicely together with "super", as it changes (by default) only
 	the effective uid (not the real uid)
diff --git a/bin/CryptoBoxWebserver b/bin/CryptoBoxWebserver
index 960af9d..a326198 100755
--- a/bin/CryptoBoxWebserver
+++ b/bin/CryptoBoxWebserver
@@ -116,7 +116,7 @@ class CryptoBoxWebserver:
 		import pwd, grp
 		user_entry = pwd.getpwuid(self.opts.user)
 		## get the new uid and gid
-		pw_uid, pw_gid = user_entry[2], user_entry[3]
+		pw_name, pw_uid, pw_gid = user_entry[0], user_entry[2], user_entry[3]
 		## change the owner of the webserver log file
 		try:
 			os.chown(self.opts.logfile, pw_uid, pw_gid)
@@ -126,7 +126,7 @@ class CryptoBoxWebserver:
 		## calculate additional groups of the given user
 		additional_groups = [ entry[2]
 				for entry in grp.getgrall()
-				if pw_uid in entry[3] ]
+				if pw_name in entry[3] ] + [ pw_gid ]
 		return (pw_uid, pw_gid, additional_groups)
 
 
@@ -155,6 +155,21 @@ class CryptoBoxWebserver:
 			sys.stderr.write("Failed to restore privileges: %s\n" % err_msg)
 
 
+	def change_groups(self):
+		"""Change the groups of the current process to the ones of the given user
+
+		we have to do this before we call cherrypy.server.start(), as it somehow
+		remembers the current setting for any thread it will create later
+		"""
+		if self.opts.user is None:
+			return
+		(pw_uid, pw_gid, additional_groups) = self.get_user_info()
+		try:
+			os.setgroups(additional_groups)
+		except OSError, err_msg:
+			sys.stderr.write("Failed to change the groups: %s\n" % err_msg)
+
+
 	def drop_privileges_permanently(self):
 		"""Drop all privileges of the current process and acquire the privileges of the
 		given user instead.
@@ -163,7 +178,7 @@ class CryptoBoxWebserver:
 			return
 		(pw_uid, pw_gid, additional_groups) = self.get_user_info()
 		try:
-			os.setgroups(additional_groups)
+			## setgroups happened before (see 'change_groups')
 			os.setregid(pw_gid, pw_gid)
 			os.setreuid(pw_uid, pw_uid)
 		except OSError, err_msg:
@@ -173,6 +188,9 @@ class CryptoBoxWebserver:
 
 	def start(self):
 		try:
+			## first: change the groups (cherrypy.server.start stores the
+			## current setting for creating new threads later
+			self.change_groups()
 			cherrypy.server.start(initOnly=True)
 			self.drop_privileges_permanently()
 			cherrypy.server.wait_for_http_ready()