diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst
index 5ee40c6..d1f61d1 100644
--- a/debian/security-misc.postinst
+++ b/debian/security-misc.postinst
@@ -38,6 +38,7 @@ permission_hardening() {
 }
 migrate_permission_hardener_state() {
+ local existing_mode_dir new_mode_dir dpkg_statoverride_list
 ## If folder /var/lib/permission-hardener (version 1) does not exist, this migration is unneeded.
 if [ ! -d '/var/lib/permission-hardener' ]; then
 return 0
@@ -48,10 +49,27 @@ migrate_permission_hardener_state() {
 fi
 mkdir --parents '/var/lib/security-misc/do_once'
- mkdir --parents '/var/lib/permission-hardener-v2/existing_mode'
- mkdir --parents '/var/lib/permission-hardener-v2/new_mode'
- cp --verbose '/usr/share/security-misc/permission-hardener-existing-mode-legacy-hardcoded' '/var/lib/permission-hardener-v2/existing_mode/statoverride'
- cp --verbose '/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded' '/var/lib/permission-hardener-v2/new_mode/statoverride'
+ existing_mode_dir='/var/lib/permission-hardener-v2/existing_mode'
+ new_mode_dir='/var/lib/permission-hardener-v2/new_mode'
+
+ mkdir --parents "${existing_mode_dir}";
+ mkdir --parents "${new_mode_dir}";
+
+ cp --verbose '/usr/share/security-misc/permission-hardener-existing-mode-legacy-hardcoded' "${existing_mode_dir}/statoverride"
+ cp --verbose '/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded' "${new_mode_dir}/statoverride"
+
+ dpkg_statoverride_list="$(dpkg-statoverride --admindir "${new_mode_dir}" --list)"
+
+ if [ "$(stat --format '%G' /usr/bin/sudo)" = 'sysmaint' ]; then
+ if ! [[ "${dpkg_statoverride_list}" =~ '/usr/bin/sudo' ]]; then
+ dpkg-statoverride --admindir "${new_mode_dir}" --add 'root' 'sysmaint' '4750' '/usr/bin/sudo'
+ fi
+ fi
+ if [ "$(stat --format '%G' /usr/bin/pkexec)" = 'sysmaint' ]; then
+ if ! [[ "${dpkg_statoverride_list}" =~ '/usr/bin/pkexec' ]]; then
+ dpkg-statoverride --admindir "${new_mode_dir}" --add 'root' 'sysmaint' '4750' '/usr/bin/pkexec'
+ fi
+ fi
 touch "/var/lib/security-misc/do_once/${FUNCNAME[0]}_version_1"
 }
diff --git a/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded b/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded
index b8f0cf4..142686e 100644
--- a/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded
+++ b/usr/share/security-misc/permission-hardener-new-mode-legacy-hardcoded
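Review bot: The `[[ "${dpkg_statoverride_list}" =~ '/usr/bin/sudo' ]]` guard (and the matching pkexec one) is a substring test on the whole `--list` output rather than an exact-path lookup, so an existing override on a longer path that begins with the same prefix (for example `/usr/bin/sudoedit`) would suppress the `--add` for `/usr/bin/sudo`. dpkg-statoverride can perform the lookup itself and exits non-zero when nothing matches the given path, so `if ! dpkg-statoverride --admindir "${new_mode_dir}" --list '/usr/bin/sudo' >/dev/null; then` replaces the substring match and makes the `dpkg_statoverride_list` variable unnecessary. Only `new_mode` receives the sudo and pkexec entries; if `existing_mode/statoverride` is meant to record the pre-hardening ownership and mode for a later restore, those two paths have no entry there, which is worth confirming against whatever consumes that file. The trailing `;` on the two `mkdir` lines is a stray style nit. The enclosing function migrate_permission_hardener_state begins outside this hunk.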
@@ -8,6 +8,7 @@ root root 744 /usr/bin/newgrp
 root root 700 /etc/cron.weekly
 root root 744 /usr/bin/su
 root root 700 /etc/cron.daily
+root root 755 /bin/ping
 root root 644 /etc/motd
 root _ssh 744 /usr/bin/ssh-agent
 root root 700 /boot
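Review bot: The new entry records the binary as `/bin/ping` while every neighbouring line in this hunk uses a `/usr/bin/` or `/etc/` path; dpkg-statoverride keys overrides on the exact path string, so on a merged-/usr system where `/bin` is a symlink to `/usr/bin` an override stored as `/bin/ping` and one stored as `/usr/bin/ping` are two distinct entries for the same file, and tooling that compares paths textually (as the postinst migration does) would not treat them as equal. If the canonical path is `/usr/bin/ping`, `root root 755 /usr/bin/ping` keeps the list consistent; otherwise a short comment explaining why the `/bin/` spelling is deliberate would help the next reader. This commit changes only the new-mode legacy file, so whether the existing-mode legacy file needs a matching ping line cannot be confirmed from the diff.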