--- a/scripts/inncheck.in
+++ b/scripts/inncheck.in
@@ -1039,6 +1039,24 @@ checkperm
     die "Internal error, undefined mode in perm from ", (caller(0))[2], "\n"
 	unless (@$m);
 
+    # system files are usually owned by root
+    if ($f !~ m#^/(?:run|var)/# and
+	    $u eq $INN::Config::runasuser and $g eq $INN::Config::runasgroup) {
+	$u = 'root';
+	$g = 'root';
+    }
+
+    # binaries should be 755 (or x744 if suid or sgid)
+    if ($m->[1] & 0100 and not -d $f) {
+	$m->[1] |= $m->[1] & 06000 ? 0744 : 0755;
+    }
+    if ($f =~ m#^/etc/#) {
+	# config files must not be group writeable
+	$m->[1] &= ~0020;
+	# if they are not world readable then they must be owned by group news
+	$g = $INN::Config::runasgroup if not $m->[1] & 004;
+    }
+
     if ( ! -e $f ) {
 	eprint "$pfx$f:0: missing\n";
     }
@@ -1149,7 +1167,9 @@ check_all_perms
     checkperm($paths{'innddir'}, [0750, 0775]);
     checkperm($paths{'innbind'}, [04500, 04550], 'root', $INN::Config::runasgroup);
     foreach ( keys %prog_modes ) {
-	checkperm($paths{$_}, $prog_modes{$_});
+	my @owner;
+	@owner = ($INN::Config::runasuser, 'uucp') if $_ eq 'rnews';
+	checkperm($paths{$_}, $prog_modes{$_}, @owner);
     }
     foreach ( keys %paths ) {
 	checkperm($paths{$_}, $modes{$_})
