diff --git a/src/addclub.c b/src/addclub.c
index becc7dc..37da57d 100644
--- a/src/addclub.c
+++ b/src/addclub.c
@@ -45,6 +45,7 @@ int addclub() {
 int krb_ok, user_ok, group_ok, sudo_ok, home_ok, quota_ok;
 int id;
 char homedir[1024];
+ char acl_s[1024], dacl_s[1024];
 acl_t acl = NULL, dacl = NULL;
 logmsg("adding uid=%s cn=%s by %s", userid, name, user);
@@ -56,17 +57,6 @@ int addclub() {
 deny("user %s already exists", userid);
 snprintf(homedir, sizeof(homedir), "%s/%s", club_home, userid);
-
- acl = acl_from_text(club_home_acl);
- if (acl == NULL)
- fatalpe("Unable to parse club_home_acl");
-
- if (*club_home_acl) {
- dacl = acl_from_text(club_home_dacl);
- if (dacl == NULL)
- fatalpe("Unable to parse club_home_dacl");
- }
-
 ceo_krb5_init();
 ceo_ldap_init();
 ceo_kadm_init();
@@ -77,6 +67,20 @@ int addclub() {
 if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0) fatal("no available uids in range [%d, %d]", member_min_id, member_max_id);
+ snprintf(acl_s, sizeof(acl_s), club_home_acl, id);
+
+ acl = acl_from_text(acl_s);
+ if (acl == NULL)
+ fatalpe("Unable to parse club_home_acl");
+
+ if (*club_home_dacl) {
+ snprintf(dacl_s, sizeof(dacl_s), club_home_dacl, id);
+ dacl = acl_from_text(dacl_s);
+ if (dacl == NULL)
+ fatalpe("Unable to parse club_home_dacl");
+ }
+
+
 krb_ok = ceo_del_princ(userid);
 if (!krb_ok) logmsg("successfully cleared principal for %s", userid);
diff --git a/src/addmember.c b/src/addmember.c
index 16a2076..f43507a 100644
--- a/src/addmember.c
+++ b/src/addmember.c
@@ -50,6 +50,7 @@ int addmember() {
 int krb_ok, user_ok, group_ok, home_ok, quota_ok;
 int id;
 char homedir[1024];
+ char acl_s[1024], dacl_s[1024];
 acl_t acl = NULL, dacl = NULL;
 logmsg("adding uid=%s cn=%s program=%s by %s", userid, name, program, user);
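Review bot: In src/addclub.c, hunk `@@ -77,6 +67,20 @@`, `snprintf(acl_s, sizeof(acl_s), club_home_acl, id)` uses the configured ACL text as the format string, so the call is only well defined when that setting contains at most one `%d` and no other conversion; a literal `%`, a `%s` or a second `%d` in the configuration is undefined behaviour inside the account-creation path. The return value is also ignored, so a template that expands past 1023 bytes is cut short and may still parse, which would give the new home directory fewer ACL entries than configured. The same two points apply to the `club_home_dacl` call in this hunk and to the `member_home_acl` / `member_home_dacl` calls in src/addmember.c, hunk `@@ -85,6 +76,18 @@`. I would check the template where the configuration is read (a single `%d`, nothing else after a `%`) and reject truncation at the call, e.g. `if ((size_t)snprintf(acl_s, sizeof(acl_s), club_home_acl, id) >= sizeof(acl_s)) fatal("club_home_acl too long");`. addclub() begins and ends outside the hunk.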
@@ -62,16 +63,6 @@ int addmember() {
 snprintf(homedir, sizeof(homedir), "%s/%s", member_home, userid);
- acl = acl_from_text(member_home_acl);
- if (acl == NULL)
- fatalpe("Unable to parse member_home_acl");
-
- if (*member_home_acl) {
- dacl = acl_from_text(member_home_dacl);
- if (dacl == NULL)
- fatalpe("Unable to parse member_home_dacl");
- }
-
 if (ceo_read_password(password, sizeof(password), use_stdin)) return 1;
@@ -85,6 +76,18 @@ int addmember() {
 if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0) fatal("no available uids in range [%d, %d]", member_min_id, member_max_id);
+ snprintf(acl_s, sizeof(acl_s), member_home_acl, id);
+
+ acl = acl_from_text(acl_s);
+ if (acl == NULL)
+ fatalpe("Unable to parse member_home_acl");
+
+ if (*member_home_acl) {
+ snprintf(dacl_s, sizeof(dacl_s), member_home_dacl, id);
+ dacl = acl_from_text(dacl_s);
+ if (dacl == NULL)
+ fatalpe("Unable to parse member_home_dacl");
+ }
 krb_ok = ceo_del_princ(userid);
 krb_ok = krb_ok || ceo_add_princ(userid, password);
 if (!krb_ok)
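Review bot: In src/addmember.c, hunk `@@ -85,6 +76,18 @@`, the default-ACL block is still guarded by `if (*member_home_acl)`, although it formats and parses `member_home_dacl`; the matching block in src/addclub.c was changed by this same commit to test `*club_home_dacl`. As written, an empty `member_home_dacl` is still expanded and handed to acl_from_text() whenever `member_home_acl` is set, and whether that ends in the fatalpe() path or in an empty default ACL on the new home directory cannot be told from these lines. The guard should read `if (*member_home_dacl) {`. addmember() begins and ends outside the hunk.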