diff --git a/lib/perl/OVH/Bastion/Helper.pm b/lib/perl/OVH/Bastion/Helper.pm
index 63f9434..d01f0a5 100644
--- a/lib/perl/OVH/Bastion/Helper.pm
+++ b/lib/perl/OVH/Bastion/Helper.pm
@@ -80,6 +80,8 @@ sub get_lock_fh {
 return R('ERR_MISSING_PARAMETER', msg => "Missing category in get_lock_fh") if !$category;
+ my $lockdirPerm = 0700;
+ my $lockfileSharedAll = 0;
 my ($lockdir, $lockfile, $lockdircreate);
 if ($category eq 'passwd') {
 $lockdir = "/tmp/bastion.lock.passwd";
@@ -101,6 +103,8 @@ sub get_lock_fh {
 $lockdir = "/tmp/bastion.lock.portallocation";
 $lockfile = "$lockdir/lock";
 $lockdircreate = 1;
+ $lockdirPerm = 0755; # allowkeeper and group-aclkeeper must be able to read it
+ $lockfileSharedAll = 1;
 }
 else {
 return R('ERR_INVALID_PARAMETER', msg => "Unknown category '$category' in get_lock_fh");
@@ -113,7 +117,7 @@ sub get_lock_fh {
 unlink $lockdir; # will silently fail if doesn't exist or is not a file
 mkdir $lockdir; # will silently fail if we lost the race
 chown 0, 0, $lockdir;
- chmod 0700, $lockdir;
+ chmod $lockdirPerm, $lockdir;
 # now, check if we do have a directory, or if we lost the race
 if (!-d $lockdir) {
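Review bot: The comment on `$lockdirPerm = 0755;` in the portallocation branch says only allowkeeper and group-aclkeeper need to read the directory, but 0755 grants read and traverse to every local account; if those two accounts share a group, `0750` together with a `chown 0, $gid, $lockdir` in the creation hunk below would match what the comment states (whether such a group exists is not visible in this diff). The two new locals are also camelCase (`$lockdirPerm`, `$lockfileSharedAll`) while their neighbours (`$lockdircreate`, `$lockfile`) are all lowercase, so something like `$lockdirperm` / `$lockfileshared` would fit the file's style. get_lock_fh starts before the first hunk and continues past the last hunk on this line.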
@@ -122,10 +126,22 @@ sub get_lock_fh {
 }
 # here, $lockdir is guaranteed to be a directory, check its perms
 my @perms = stat($lockdir);
- if ($perms[4] != $< || $perms[5] != $( || S_IMODE($perms[2]) != oct(700)) {
- warn_syslog("The $lockdir directory has invalid perms: are we being raced against? mode="
- . sprintf("%04o", S_IMODE($perms[2])));
- return R('ERR_CANNOT_LOCK', msg => "Couldn't create lock file, please retry");
+
+ if ($lockfileSharedAll) {
+ # For shared locks, only check the file mode, not ownership
+ if (S_IMODE($perms[2]) != $lockdirPerm) {
+ warn_syslog("The $lockdir directory has invalid perms: are we being raced against? mode="
+ . sprintf("%04o", S_IMODE($perms[2])));
+ return R('ERR_CANNOT_LOCK', msg => "Couldn't create lock file, please retry");
+ }
+ }
+ else {
+ # For non-shared locks, check ownership and mode
+ if ($perms[4] != $< || $perms[5] != $( || S_IMODE($perms[2]) != $lockdirPerm) {
+ warn_syslog("The $lockdir directory has invalid perms: are we being raced against? mode="
+ . sprintf("%04o", S_IMODE($perms[2])));
+ return R('ERR_CANNOT_LOCK', msg => "Couldn't create lock file, please retry");
+ }
 }
 }
@@ -145,6 +161,11 @@ sub get_lock_fh {
 if (!open($fh, '>>', $lockfile)) {
 return R('ERR_CANNOT_LOCK', msg => "Couldn't create lock file, please retry");
 }
+
+ if ($lockfileSharedAll) {
+ chmod 0777, $lockfile;
+ }
+
 return R('OK', value => $fh);
 }
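Review bot: The new shared branch after `my @perms = stat($lockdir);` checks only the mode, so a pre-existing `/tmp/bastion.lock.portallocation` owned by any local account passes as long as it is 0755 — /tmp is world-writable, and the earlier hunk ignores the results of `unlink`, `mkdir` and `chown 0, 0`, so a directory created by someone else before the bastion first ran would never be replaced or re-owned. Since that hunk explicitly chowns the directory to root, the shared case should presumably still require `$perms[4] == 0` (hedged: confirm the portallocation directory is always created by a root process); dropping the check entirely widens the race the original warning text describes. The two branches also duplicate the warn_syslog/return pair; computing one boolean and keeping a single error path is shorter and makes the ownership rule explicit. The hunk ends at the closing brace of the enclosing `if`, get_lock_fh itself continues below.
```perl
my @perms = stat($lockdir);
# shared lock dir: root-owned and exactly the expected mode; private lock dir: ours and exactly the expected mode
my $perms_ok = S_IMODE($perms[2]) == $lockdirPerm
  && ($lockfileSharedAll ? $perms[4] == 0 : ($perms[4] == $< && $perms[5] == $());
if (!$perms_ok) {
    # … unchanged: warn_syslog("... invalid perms ...") and return R('ERR_CANNOT_LOCK', ...) …
}
```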
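Review bot: `chmod 0777, $lockfile;` in the last hunk makes the lock file world-writable (and pointlessly executable), so any local account can open it for append and hold whatever lock the caller takes on the returned handle — the `flock` itself is outside this hunk — which would stall port allocation for everyone; the return value of `chmod` is also discarded. The earlier hunk's comment names only allowkeeper and group-aclkeeper as the accounts that need access, so a narrower mode such as `chown 0, $gid, $lockfile; chmod 0660, $lockfile;` with a group those accounts share (if one exists) would cover the stated need; failing that, `chmod 0666, $lockfile or warn_syslog("chmod $lockfile: $!");` at least drops the exec bits and reports failure. Note the chmod runs on every call, not only when the file was just created, which is fine for a lock file but worth a one-line comment.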