diff --git a/openvpn/config.sls b/openvpn/config.sls
index 1876c96..b3ba173 100644
--- a/openvpn/config.sls
+++ b/openvpn/config.sls
@@ -169,7 +169,7 @@ openvpn_{{ type }}_{{ name }}_log_file:
     - name: {{ config.log }}
     - makedirs: True
     - replace: False
-    {{ _permissions(640) }}
+    {{ _permissions(640, map.log_user) }}
     - require_in:
       {%- if map.multi_services %}
       - service: openvpn_{{name}}_service
@@ -185,7 +185,7 @@ openvpn_{{ type }}_{{ name }}_log_file_append:
     - name: {{ config.log_append }}
     - makedirs: True
     - replace: False
-    {{ _permissions(640) }}
+    {{ _permissions(640, map.log_user) }}
     - require_in:
       {%- if map.multi_services %}
       - service: openvpn_{{name}}_service
diff --git a/openvpn/defaults.yaml b/openvpn/defaults.yaml
index a470088..0aeabb9 100644
--- a/openvpn/defaults.yaml
+++ b/openvpn/defaults.yaml
@@ -7,6 +7,8 @@ openvpn:
   external_repo_supported: []
   external_repo_version: stable
   group: nobody
+  # None, will default to 'user'
+  log_user:
   multi_services: False
   pkgs: ['openvpn']
   service: openvpn
diff --git a/openvpn/osfamilymap.yaml b/openvpn/osfamilymap.yaml
index 99c6cc2..efbe365 100644
--- a/openvpn/osfamilymap.yaml
+++ b/openvpn/osfamilymap.yaml
@@ -4,6 +4,7 @@ Arch:
     - easy-rsa
 Debian:
   group: nogroup
+  log_user: root
 RedHat:
   pkgs:
     - openvpn