diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index b3fa665..78b9b5b 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -7,4 +7,7 @@ type Args struct {
 	OpenSSL        bool
 	PlaintextNames bool
 	LongNames      bool
+	// Should we chown a file after it has been created?
+	// This only makes sense if (1) allow_other is set and (2) we run as root.
+	PreserveOwner bool
 }
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 640c45d..9ae57fa 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -145,7 +145,12 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
 			return nil, fuse.ToStatus(err)
 		}
 	}
-
+	if fs.args.PreserveOwner {
+		err = fd.Chown(int(context.Owner.Uid), int(context.Owner.Gid))
+		if err != nil {
+			tlog.Warn.Printf("PreserveOwner: Chown failed: %v", err)
+		}
+	}
 	return NewFile(fd, writeOnly, fs.contentEnc)
 }
 
diff --git a/main.go b/main.go
index b7ff97d..c87cc87 100644
--- a/main.go
+++ b/main.go
@@ -374,6 +374,11 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
 		// Settings from the config file override command line args
 		frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
 	}
+	// If allow_other is set and we run as root, try to give newly created files to
+	// the right user.
+	if args.allow_other && os.Getuid() == 0 {
+		frontendArgs.PreserveOwner = true
+	}
 	jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
 	tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes))