diff --git a/usr/lib/security-misc/permission-hardening-undo b/usr/lib/security-misc/permission-hardening-undo
index 594a11e..0daba11 100755
--- a/usr/lib/security-misc/permission-hardening-undo
+++ b/usr/lib/security-misc/permission-hardening-undo
@@ -34,6 +34,7 @@ undo_all() {
       stat -c "%n %a %U %G" "$file_name" || true
 
       chown "${owner}:${group}" "$file_name" || exit_code=202
+      ## chmod need to be run after chown since chown would remove suid.
       chmod "$mode" "$file_name" || exit_code=203
 
       stat -c "%n %a %U %G" "$file_name" || true