diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index bef5b69183..5b57310cf6 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@@ -159,8 +159,6 @@
       group: paguremirroring
       shell: /bin/nologin
       home: /srv/mirror
-      groups: git
-      append: yes
   when: env == 'pagure-staging'
   tags:
   - pagure
@@ -321,6 +319,13 @@
   notify:
   - restart apache
 
+- name: let paguremirroring read the pagure config
+  command: /usr/bin/setfacl -dm user:paguremirroring:rx /etc/pagure/pagure.cfg
+  when: env == 'pagure-staging'
+  tags:
+  - pagure
+  - mirror
+
 - name: Add default facl so apache can read git repos
   acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
   register: acl_updates