diff --git a/Python/etc/crans/secrets/dhcp.py b/Python/etc/crans/secrets/dhcp.py
index cd4571f..c8d16d4 100644
--- a/Python/etc/crans/secrets/dhcp.py
+++ b/Python/etc/crans/secrets/dhcp.py
@@ -1,4 +1,8 @@
 info["perms"] = 0440
+if has("users") or has("2B"):
+    info["owner"] = "respbats"
+else:
+    info["owner"] = "root"
 info["group"] = "adm"
 import dhcp
 
diff --git a/Python/etc/crans/secrets/secrets.py b/Python/etc/crans/secrets/secrets.py
index 23508c8..84f26ca 100644
--- a/Python/etc/crans/secrets/secrets.py
+++ b/Python/etc/crans/secrets/secrets.py
@@ -1,9 +1,6 @@
 info["perms"] = 0440
 if has("users") or has("2B"):
     info["owner"] = "respbats"
-elif has("rouge"):
-    # XXX: kludge pour facture.py (paypal)
-    info["owner"] = "intranet"
 else:
     info["owner"] = "root"
 info["group"] = "adm"
diff --git a/Rules/secrets.xml b/Rules/secrets.xml
index 24da192..71c1204 100644
--- a/Rules/secrets.xml
+++ b/Rules/secrets.xml
@@ -3,6 +3,6 @@
   <Group name="secrets-acl">
    <Action name="setfacl-secrets" timing="post"
      when="modified" status="check"
-     command="setfacl -m u:www-data:rx /etc/crans/secrets; setfacl -m u:www-data:r /etc/crans/secrets/secrets.py"/>
+     command="setfacl -m u:www-data:rx /etc/crans/secrets; setfacl -m u:www-data:r /etc/crans/secrets/secrets.py /etc/crans/secrets/dhcp.py"/>
   </Group>
 </Rules>