diff --git a/src/server/config.rs b/src/server/config.rs
index cdaa5acd..045a5978 100644
--- a/src/server/config.rs
+++ b/src/server/config.rs
@@ -139,6 +139,7 @@ impl ApiConfig {
 
         let logger_options = FileLogOptions {
             append: true,
+            owned_by_backup: true,
             ..Default::default()
         };
         self.request_log = Some(Mutex::new(FileLogger::new(&path, logger_options)?));
diff --git a/src/tools/file_logger.rs b/src/tools/file_logger.rs
index e0735b98..cfd43401 100644
--- a/src/tools/file_logger.rs
+++ b/src/tools/file_logger.rs
@@ -38,6 +38,10 @@ pub struct FileLogOptions {
     pub to_stdout: bool,
     /// Prefix messages logged to the file with the current local time as RFC 3339
     pub prefix_time: bool,
+    /// if set, the file is tried to be chowned by the backup:backup user/group
+    /// Note, this is not designed race free as anybody could set it to another user afterwards
+    /// anyway. It must thus be used by all processes which doe not run as backup uid/gid.
+    pub owned_by_backup: bool,
 }
 
 #[derive(Debug)]
@@ -65,7 +69,12 @@ impl FileLogger {
             .append(options.append)
             .create_new(options.exclusive)
             .create(!options.exclusive)
-            .open(file_name)?;
+            .open(&file_name)?;
+
+        if options.owned_by_backup {
+            let backup_user = crate::backup::backup_user()?;
+            nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?;
+        }
 
         Ok(Self { file, options })
     }