--- a/scripts/inncheck.in
+++ b/scripts/inncheck.in
@@ -1076,6 +1076,24 @@ sub checkperm {
     die "Internal error, undefined mode in perm from ", (caller(0))[2], "\n"
       unless (@$m);
 
+    # system files are usually owned by root
+    if ($f !~ m#^/(?:run|var)/# and
+	    $u eq $INN::Config::runasuser and $g eq $INN::Config::runasgroup) {
+	$u = 'root';
+	$g = 'root';
+    }
+
+    # binaries should be 755 (or x744 if suid or sgid)
+    if ($m->[1] & 0100 and not -d $f) {
+	$m->[1] |= $m->[1] & 06000 ? 0744 : 0755;
+    }
+    if ($f =~ m#^/etc/#) {
+	# config files must not be group writeable
+	$m->[1] &= ~0020;
+	# if they are not world readable then they must be owned by group news
+	$g = $INN::Config::runasgroup if not $m->[1] & 004;
+    }
+
     if (!-e $f) {
         eprint "$pfx$f:0: missing\n";
     } else {
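Review bot: The added adjustments write through `$m`, so `$m->[1] |= ...` in the binaries check and `$m->[1] &= ~0020` in the `/etc/` branch modify the caller's mode list rather than a local copy. If any of those array references is shared between entries or passed in more than once (not visible in this hunk), a bit added or stripped for one path would carry over to later paths, and the audit could then accept or flag the wrong mode. Working on a copy avoids that, for example `$m = [@$m];` right after the `unless (@$m)` guard. The new code also assumes every list has a second element; for a one-element list the `/etc/` branch would create `$m->[1]` with value 0. checkperm begins before and continues after this hunk.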
@@ -1183,7 +1201,9 @@ sub check_all_perms {
         $INN::Config::runasgroup
     );
     foreach (keys %prog_modes) {
-        checkperm($paths{$_}, $prog_modes{$_});
+        my @owner;
+        @owner = ($INN::Config::runasuser, 'uucp') if $_ eq 'rnews';
+        checkperm($paths{$_}, $prog_modes{$_}, @owner);
     }
     foreach (keys %paths) {
         checkperm($paths{$_}, $modes{$_})
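Review bot: The literal group `'uucp'` in the `rnews` special case is not explained, and nothing in the hunk ties it to how rnews was actually installed. Because this script audits ownership, a maintainer needs to know when that expectation holds. A comment such as `# rnews is expected to be owned by the news user with group uucp so that only UUCP can execute it` would do, or the group could come from a configuration value if one exists. The two-step `my @owner; @owner = ... if ...` could also be a single declaration, `my @owner = $_ eq 'rnews' ? ($INN::Config::runasuser, 'uucp') : ();`.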
