diff --git a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog
index 3257bac..d4d0f96 100644
--- a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog
+++ b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog
@@ -1,3 +1,9 @@
+univention-config-registry (9.0.6-5) unstable; urgency=low
+
+  * Fix atomic write to preserve old file permission (Bug #340xx)
+
+ -- Philipp Hahn <hahn@univention.de>  Tue, 04 Mar 2014 10:52:50 +0100
+
 univention-config-registry (9.0.6-4) unstable; urgency=low
 
   * Atomic write: Improve code and error handling (Bug #33842)
diff --git a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py
index f5d79b4..da144fa 100644
--- a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py
+++ b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py
@@ -213,9 +213,18 @@ class ConfigHandlerDiverting(ConfigHandler):
 		"""Set file permissions."""
 		if not to_file:
 			to_file = self.to_file
+		elif self.to_file != to_file:
+			try:
+				old_stat = os.stat(self.to_file)
+				os.chmod(to_file, old_stat.st_mode)
+				os.chown(to_file, old_stat.st_uid, old_stat.st_gid)
+			except EnvironmentError:
+				pass
+
 		if self.user or self.group or self.mode:
 			if self.mode:
 				os.chmod(to_file, self.mode)
+
 			if self.user and self.group:
 				os.chown(to_file, self.user, self.group)
 			elif self.user:
@@ -223,7 +232,7 @@ class ConfigHandlerDiverting(ConfigHandler):
 			elif self.group:
 				os.chown(to_file, 0, self.group)
 		elif stat:
-			os.chmod(to_file, stat[0])
+			os.chmod(to_file, stat.st_mode)
 
 	def _call_silent(self, *cmd):
 		"""Call command with stdin, stdout, and stderr redirected from/to
@@ -341,7 +350,7 @@ class ConfigHandlerMultifile(ConfigHandlerDiverting):
 			if os.path.exists(tmp_to_file):
 				os.unlink(tmp_to_file)
 			raise
-			
+
 
 		if hasattr(self, 'postinst') and self.postinst:
 			run_module(self.postinst, 'postinst', ucr, changed)
diff --git a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog
index e3cd051..2654334 100644
--- a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog
+++ b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog
@@ -1,3 +1,9 @@
+ucs-test (4.0.161-39) unstable; urgency=low
+
+  * 03ucr: Fix atomic commit tests to keep manual changes (Bug #340xx)
+
+ -- Philipp Hahn <hahn@univention.de>  Tue,  4 Mar 2014 12:17:22 +0100
+
 ucs-test (4.0.161-38) unstable; urgency=low
 
   * 03ucr: Add atomic commit tests (Bug #33842)
diff --git a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions
index 4a6b2d2..6c74578 100755
--- a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions
+++ b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions
@@ -15,11 +15,15 @@
 umask 0002
 
 ID="ucs-test-33842"
-OWNER="nobody"
-GROUP="nogroup"
+OWNER_FORCE="nobody"
+OWNER_TEMPLATE="daemon"
+OWNER="root"
+GROUP_FORCE="nogroup"
+GROUP_TEMPLATE="daemon"
+GROUP="root"
 MODE_FORCE=0400
 MODE_TEMPLATE=0660
-MODE_UMASK=$(printf "%04o" $((0666 & ~$(umask))))
+MODE=$(printf "%04o" $((0666 & ~$(umask))))
 
 main () {
 	declare -i result=0
@@ -44,6 +48,7 @@ create_templates () {
 		rm -f "$template"
 		touch "$template"
 		chmod "$MODE_TEMPLATE" "$template"
+		chown "${OWNER_TEMPLATE}:${GROUP_TEMPLATE}" "$template"
 	done
 }
 register_ucr () {
@@ -53,16 +58,16 @@ File: tmp/$ID-f0
 
 Type: file
 File: tmp/$ID-f1
-User: $OWNER
+User: $OWNER_FORCE
 
 Type: file
 File: tmp/$ID-f2
-Group: $GROUP
+Group: $GROUP_FORCE
 
 Type: file
 File: tmp/$ID-f3
-User: $OWNER
-Group: $GROUP
+User: $OWNER_FORCE
+Group: $GROUP_FORCE
 
 Type: file
 File: tmp/$ID-f4
@@ -70,18 +75,18 @@ Mode: $MODE_FORCE
 
 Type: file
 File: tmp/$ID-f5
-User: $OWNER
+User: $OWNER_FORCE
 Mode: $MODE_FORCE
 
 Type: file
 File: tmp/$ID-f6
-Group: $GROUP
+Group: $GROUP_FORCE
 Mode: $MODE_FORCE
 
 Type: file
 File: tmp/$ID-f7
-User: $OWNER
-Group: $GROUP
+User: $OWNER_FORCE
+Group: $GROUP_FORCE
 Mode: $MODE_FORCE
 
 Type: multifile
@@ -89,16 +94,16 @@ Multifile: tmp/$ID-m0
 
 Type: multifile
 Multifile: tmp/$ID-m1
-User: $OWNER
+User: $OWNER_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-m2
-Group: $GROUP
+Group: $GROUP_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-m3
-User: $OWNER
-Group: $GROUP
+User: $OWNER_FORCE
+Group: $GROUP_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-m4
@@ -106,18 +111,18 @@ Mode: $MODE_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-m5
-User: $OWNER
+User: $OWNER_FORCE
 Mode: $MODE_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-m6
-Group: $GROUP
+Group: $GROUP_FORCE
 Mode: $MODE_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-m7
-User: $OWNER
-Group: $GROUP
+User: $OWNER_FORCE
+Group: $GROUP_FORCE
 Mode: $MODE_FORCE
 
 Type: multifile
@@ -125,16 +130,16 @@ Multifile: tmp/$ID-d0
 
 Type: multifile
 Multifile: tmp/$ID-d1
-User: $OWNER
+User: $OWNER_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-d2
-Group: $GROUP
+Group: $GROUP_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-d3
-User: $OWNER
-Group: $GROUP
+User: $OWNER_FORCE
+Group: $GROUP_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-d4
@@ -142,18 +147,18 @@ Mode: $MODE_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-d5
-User: $OWNER
+User: $OWNER_FORCE
 Mode: $MODE_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-d6
-Group: $GROUP
+Group: $GROUP_FORCE
 Mode: $MODE_FORCE
 
 Type: multifile
 Multifile: tmp/$ID-d7
-User: $OWNER
-Group: $GROUP
+User: $OWNER_FORCE
+Group: $GROUP_FORCE
 Mode: $MODE_FORCE
 
 Type: subfile
@@ -229,34 +234,34 @@ verify_all () {
 	verify_multi_file_template_with_dummy_file
 }
 verify_single_file_template () {
-	verify "/tmp/$ID-f0" "$MODE_TEMPLATE"	root	root	# default=template_file
-	verify "/tmp/$ID-f1" "$MODE_UMASK"	"$OWNER"	root	# owner
-	verify "/tmp/$ID-f2" "$MODE_UMASK"	root	"$GROUP"	# group
-	verify "/tmp/$ID-f3" "$MODE_UMASK"	"$OWNER"	"$GROUP"	# owner group
-	verify "/tmp/$ID-f4" "$MODE_FORCE"	root	root	# mode
-	verify "/tmp/$ID-f5" "$MODE_FORCE"	"$OWNER"	root	# mode owner
-	verify "/tmp/$ID-f6" "$MODE_FORCE"	root	"$GROUP"	# mode group
-	verify "/tmp/$ID-f7" "$MODE_FORCE"	"$OWNER"	"$GROUP"	# mode owner group
+	verify "/tmp/$ID-f0" "$MODE_TEMPLATE"	"$OWNER"	"$GROUP"	# default=template_file
+	verify "/tmp/$ID-f1" "$MODE"	"$OWNER_FORCE"	root	# owner
+	verify "/tmp/$ID-f2" "$MODE"	root	"$GROUP_FORCE"	# group
+	verify "/tmp/$ID-f3" "$MODE"	"$OWNER_FORCE"	"$GROUP_FORCE"	# owner group
+	verify "/tmp/$ID-f4" "$MODE_FORCE"	"$OWNER"	"$GROUP"	# mode
+	verify "/tmp/$ID-f5" "$MODE_FORCE"	"$OWNER_FORCE"	root	# mode owner
+	verify "/tmp/$ID-f6" "$MODE_FORCE"	root	"$GROUP_FORCE"	# mode group
+	verify "/tmp/$ID-f7" "$MODE_FORCE"	"$OWNER_FORCE"	"$GROUP_FORCE"	# mode owner group
 }
 verify_multi_file_template_without_dummy_file () {
-	verify "/tmp/$ID-m0" "$MODE_UMASK"	root	root	# default=umask
-	verify "/tmp/$ID-m1" "$MODE_UMASK"	"$OWNER"	root	# owner
-	verify "/tmp/$ID-m2" "$MODE_UMASK"	root	"$GROUP"	# group
-	verify "/tmp/$ID-m3" "$MODE_UMASK"	"$OWNER"	"$GROUP"	# owner group
-	verify "/tmp/$ID-m4" "$MODE_FORCE"	root	root	# mode
-	verify "/tmp/$ID-m5" "$MODE_FORCE"	"$OWNER"	root	# mode owner
-	verify "/tmp/$ID-m6" "$MODE_FORCE"	root	"$GROUP"	# mode group
-	verify "/tmp/$ID-m7" "$MODE_FORCE"	"$OWNER" "$GROUP"	# mode owner group
+	verify "/tmp/$ID-m0" "$MODE"	"$OWNER"	"$GROUP"	# default=umask
+	verify "/tmp/$ID-m1" "$MODE"	"$OWNER_FORCE"	root	# owner
+	verify "/tmp/$ID-m2" "$MODE"	root	"$GROUP_FORCE"	# group
+	verify "/tmp/$ID-m3" "$MODE"	"$OWNER_FORCE"	"$GROUP_FORCE"	# owner group
+	verify "/tmp/$ID-m4" "$MODE_FORCE"	"$OWNER"	"$GROUP"	# mode
+	verify "/tmp/$ID-m5" "$MODE_FORCE"	"$OWNER_FORCE"	root	# mode owner
+	verify "/tmp/$ID-m6" "$MODE_FORCE"	root	"$GROUP_FORCE"	# mode group
+	verify "/tmp/$ID-m7" "$MODE_FORCE"	"$OWNER_FORCE" "$GROUP_FORCE"	# mode owner group
 }
 verify_multi_file_template_with_dummy_file () {
-	verify "/tmp/$ID-d0" "$MODE_TEMPLATE"	root	root	# default=dummy_file
-	verify "/tmp/$ID-d1" "$MODE_UMASK"	"$OWNER"	root	# owner
-	verify "/tmp/$ID-d2" "$MODE_UMASK"	root	"$GROUP"	# group
-	verify "/tmp/$ID-d3" "$MODE_UMASK"	"$OWNER"	"$GROUP"	# owner group
-	verify "/tmp/$ID-d4" "$MODE_FORCE"	root	root	# mode
-	verify "/tmp/$ID-d5" "$MODE_FORCE"	"$OWNER"	root	# mode owner
-	verify "/tmp/$ID-d6" "$MODE_FORCE"	root	"$GROUP"	# mode group
-	verify "/tmp/$ID-d7" "$MODE_FORCE"	"$OWNER" "$GROUP"	# mode owner group
+	verify "/tmp/$ID-d0" "$MODE_TEMPLATE"	"$OWNER"	"$GROUP"	# default=dummy_file
+	verify "/tmp/$ID-d1" "$MODE"	"$OWNER_FORCE"	root	# owner
+	verify "/tmp/$ID-d2" "$MODE"	root	"$GROUP_FORCE"	# group
+	verify "/tmp/$ID-d3" "$MODE"	"$OWNER_FORCE"	"$GROUP_FORCE"	# owner group
+	verify "/tmp/$ID-d4" "$MODE_FORCE"	"$OWNER"	"$GROUP"	# mode
+	verify "/tmp/$ID-d5" "$MODE_FORCE"	"$OWNER_FORCE"	root	# mode owner
+	verify "/tmp/$ID-d6" "$MODE_FORCE"	root	"$GROUP_FORCE"	# mode group
+	verify "/tmp/$ID-d7" "$MODE_FORCE"	"$OWNER_FORCE" "$GROUP_FORCE"	# mode owner group
 }
 verify () { # $1=name $2=mode $3=owner $4=group
 	local filename="$1" mode="$2" owner="$3" group="$4" IFS="	" fail=
@@ -275,9 +280,12 @@ verify () { # $1=name $2=mode $3=owner $4=group
 }
 
 re_commit () {
-	MODE_UMASK=0664
-	chmod "$MODE_UMASK" "/tmp/$ID-"[smd][0-7]
-	ucr commit "/tmp/$ID-"[smd][0-7]
+	OWNER="bin"
+	GROUP="bin"
+	MODE=0664
+	chmod "$MODE" "/tmp/$ID-"[fmd][0-7]
+	chown "${OWNER}:${GROUP}" "/tmp/$ID-"[fmd][0-7]
+	ucr commit "/tmp/$ID-"[fmd][0-7]
 }
 
 cleanup () {