diff --git a/bin/CryptoBoxWebserver b/bin/CryptoBoxWebserver
index bcad4d6..f5637ae 100755
--- a/bin/CryptoBoxWebserver
+++ b/bin/CryptoBoxWebserver
@@ -80,18 +80,6 @@ class CryptoBoxWebserver:
 			sys.exit(1)
 		## store the absolute path as we will chdir later (for daemons)
 		self.conffile = os.path.realpath(opts.conffile)
-		## drop privileges to run the cryptobox without root permissions
-		self.drop_privileges_temporarily()
-		## initialize site class
-		try:
-			cherrypy.root = cryptobox.web.sites.WebInterfaceSites(self.conffile)
-			self.website = cherrypy.root
-		except (CBConfigError,CBEnvironmentError), err_msg:
-			sys.stderr.write("Error: the CryptoBox is misconfigured - please fix it!\n")
-			sys.stderr.write("%s\n" % str(err_msg))
-			sys.exit(1)
-		## restore privileges, as we need them to connect to a low socket (<1024)
-		self.restore_privileges()
 		## expose static content and set options
 		## beware: 
 		cherrypy.config.update({
@@ -109,8 +97,19 @@ class CryptoBoxWebserver:
 			"/favicon.ico": { 
 					"staticFilter.on" : True, 
 					"staticFilter.file": os.path.realpath(os.path.join(opts.datadir, 'favicon.ico'))}
-
 			})
+		## drop privileges to run the cryptobox without root permissions
+		self.drop_privileges_temporarily()
+		## initialize site class
+		try:
+			cherrypy.root = cryptobox.web.sites.WebInterfaceSites(self.conffile)
+			self.website = cherrypy.root
+		except (CBConfigError,CBEnvironmentError), err_msg:
+			sys.stderr.write("Error: the CryptoBox is misconfigured - please fix it!\n")
+			sys.stderr.write("%s\n" % str(err_msg))
+			sys.exit(1)
+		## restore privileges, as we need them to connect to a low socket (<1024)
+		self.restore_privileges()
 
 
 	def get_user_info(self):
diff --git a/bin/run_webserver.sh b/bin/run_webserver.sh
index c097b42..6e5bb8c 100755
--- a/bin/run_webserver.sh
+++ b/bin/run_webserver.sh
@@ -8,6 +8,8 @@
 # change your local settings in "cryptobox-local.conf" - if this file
 # does not exist, then "cryptobox.conf" is used
 #
+# the environment variable PORT may override the default (8080)
+#
 # BEWARE: the super.tab entry must be named "CryptoBoxRootActionsLocal" instead of
 #	"CryptoBoxRootActions" (useful for development)
 #
@@ -49,7 +51,7 @@ cd "$BIN_DIR"
 disable_filecheck
 
 ## run the webserver
-"$BIN_DIR/CryptoBoxWebserver" --config="$CONFIG_FILE" --pidfile=/tmp/cryptoboxwebserver.pid --logfile=/tmp/cryptoboxwebserver.log --port=8080 --datadir="$BIN_DIR/../www-data" "$@"
+"$BIN_DIR/CryptoBoxWebserver" --config="$CONFIG_FILE" --pidfile=/tmp/cryptoboxwebserver.pid --logfile=/tmp/cryptoboxwebserver.log --port=${PORT:-8080} --datadir="$BIN_DIR/../www-data" "$@"
 
 # enable strict security checks of CryptoBoxRootActions again
 enable_filecheck