diff --git a/roles/fas_server/templates/fas.cfg.j2 b/roles/fas_server/templates/fas.cfg.j2
index 41ab8cb4cf..bd8801ad5c 100644
--- a/roles/fas_server/templates/fas.cfg.j2
+++ b/roles/fas_server/templates/fas.cfg.j2
@@ -76,9 +76,9 @@ ipa_sync_certfile = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
 
 # Usernames that are unavailable for fas allocation
 {% if env == "staging" %}
-username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fas_sync,fax,fedora,fedorarewards,fesco,freemedia,freshmaker,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
+username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fas_sync,fax,fedora,fedorarewards,fesco,freemedia,freshmaker,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,grokmirror,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
 {% else %}
-username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,freshmaker,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
+username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,freshmaker,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,grokmirror,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
 {% endif %}
 email_domain_blacklist = "{{ fas_blocked_emails }}"
 
diff --git a/roles/grokmirror_mirror/tasks/main.yml b/roles/grokmirror_mirror/tasks/main.yml
index d95c2d331f..41deb95964 100644
--- a/roles/grokmirror_mirror/tasks/main.yml
+++ b/roles/grokmirror_mirror/tasks/main.yml
@@ -8,8 +8,16 @@
   tags:
   - grokmirror-mirror
 
+- name: create grokmirror user to own mirrored file and run scripts
+  user: name=grokmirror
+
 - name: create directory to mirror repos to
-  file: dest={{grokmirror_topdir}} mode=0755 state=directory
+  file: dest={{grokmirror_topdir}} mode=0755 state=directory owner=grokmirror
+  tags:
+  - grokmirror-mirror
+
+- name: create directory to mirror site to
+  file: dest={{grokmirror_topdir}}/src.fedoraproject.org mode=0755 state=directory owner=grokmirror
   tags:
   - grokmirror-mirror
 
diff --git a/roles/grokmirror_mirror/templates/fsck.conf b/roles/grokmirror_mirror/templates/fsck.conf
index cefb17eaec..87a15925bd 100644
--- a/roles/grokmirror_mirror/templates/fsck.conf
+++ b/roles/grokmirror_mirror/templates/fsck.conf
@@ -9,7 +9,7 @@ toplevel = {{ grokmirror_topdir }}/src.fedoraproject.org
 #
 # Where do we put the logs?
 #log = /var/log/mirror/kernelorg-fsck.log
-log = /var/log/grokmirror/src.fedoraproject.org-fsck.log
+log = {{ grokmirror_topdir }}/src.fedoraproject.org/src.fedoraproject.org-fsck.log
 #
 # Log level can be "info" or "debug"
 #loglevel = info
diff --git a/roles/grokmirror_mirror/templates/grokfsck.cron b/roles/grokmirror_mirror/templates/grokfsck.cron
index de33b86f91..84a4d7dd0e 100644
--- a/roles/grokmirror_mirror/templates/grokfsck.cron
+++ b/roles/grokmirror_mirror/templates/grokfsck.cron
@@ -1 +1 @@
-#00 02 * * * root /usr/bin/grok-fsck -c {{ grokmirror_topdir }}/fsck.conf
+#00 02 * * * grokmirror /usr/bin/grok-fsck -c {{ grokmirror_topdir }}/fsck.conf
diff --git a/roles/grokmirror_mirror/templates/grokmirror.cron b/roles/grokmirror_mirror/templates/grokmirror.cron
index ed0320dd0e..0d9a5ee0c1 100644
--- a/roles/grokmirror_mirror/templates/grokmirror.cron
+++ b/roles/grokmirror_mirror/templates/grokmirror.cron
@@ -1 +1 @@
-#* * * * * root /usr/bin/grok-pull -p -c {{ grokmirror_topdir }}/repos.conf
+#* * * * * grokmirror /usr/bin/grok-pull -p -c {{ grokmirror_topdir }}/repos.conf
diff --git a/roles/grokmirror_mirror/templates/repos.conf b/roles/grokmirror_mirror/templates/repos.conf
index dfe72194fc..03698775a3 100644
--- a/roles/grokmirror_mirror/templates/repos.conf
+++ b/roles/grokmirror_mirror/templates/repos.conf
@@ -70,7 +70,7 @@ default_owner = Grokmirror User
 #
 # Where do we put the logs?
 #log = /var/log/mirror/kernelorg.log
-log = /var/log/grokmirror/src.fedoraproject.org.log
+log = {{ grokmirror_topdir }}/src.fedoraproject.org/src.fedoraproject.org.log
 #
 # Log level can be "info" or "debug"
 #loglevel = info