diff --git a/plinth/modules/mldonkey/__init__.py b/plinth/modules/mldonkey/__init__.py
index d6572ef2f..06221335e 100644
--- a/plinth/modules/mldonkey/__init__.py
+++ b/plinth/modules/mldonkey/__init__.py
@@ -11,12 +11,13 @@ from plinth import cfg, frontpage, menu
 from plinth.daemon import Daemon
 from plinth.modules.apache.components import Webserver
 from plinth.modules.firewall.components import Firewall
+from plinth.modules.users import add_user_to_share_group
 from plinth.modules.users.components import UsersAndGroups
 from plinth.utils import format_lazy
 
 from .manifest import backup, clients  # noqa, pylint: disable=unused-import
 
-version = 1
+version = 2
 
 managed_services = ['mldonkey-server']
 
@@ -35,6 +36,8 @@ _description = [
           'directory.'), box_name=cfg.box_name)
 ]
 
+_SYSTEM_USER = 'mldonkey'
+
 app = None
 
 
@@ -81,7 +84,7 @@ class MLDonkeyApp(app_module.App):
         self.add(daemon)
 
         users_and_groups = UsersAndGroups('users-and-groups-mldonkey',
-                                          reserved_usernames=['mldonkey'],
+                                          reserved_usernames=[_SYSTEM_USER],
                                           groups=groups)
         self.add(users_and_groups)
 
@@ -100,4 +103,7 @@ def setup(helper, old_version=None):
     """Install and configure the module."""
     helper.call('pre', actions.superuser_run, 'mldonkey', ['pre-install'])
     helper.install(managed_packages)
-    helper.call('post', app.enable)
+    if not old_version:
+        helper.call('post', app.enable)
+
+    add_user_to_share_group(_SYSTEM_USER, managed_services[0])
diff --git a/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf b/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf
index d898ba8e0..ef27515fa 100644
--- a/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf
+++ b/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf
@@ -21,8 +21,7 @@ ProtectHome=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
-ProtectSystem=strict
-ReadWritePaths=/var/lib/mldonkey
+ProtectSystem=full
 RemainAfterExit=no
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictRealtime=yes