diff --git a/acl/edit_acl.cgi b/acl/edit_acl.cgi
index cf355ee9a..de7bf395b 100755
--- a/acl/edit_acl.cgi
+++ b/acl/edit_acl.cgi
@@ -2,32 +2,37 @@
 # edit_acl.cgi
 # Display a form for editing the access control options for some module
 
+use strict;
+use warnings;
 require './acl-lib.pl';
+our (%in, %text, %config, %access, $base_remote_user, %gconfig);
 &ReadParse();
 $access{'acl'} || &error($text{'acl_emod'});
+
+my $who;
 if ($in{'group'}) {
 	$access{'groups'} || &error($text{'acl_egroup'});
 	$who = $in{'group'};
 	}
 else {
-	$me = &get_user($base_remote_user);
-	@mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
-		$access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
-				       ( &list_modules() , "" );
+	my $me = &get_user($base_remote_user);
+	my @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
+		   $access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
+				          ( &list_modules() , "" );
 	&indexof($in{'mod'}, @mcan) >= 0 || &error($text{'acl_emod'});
 	&can_edit_user($in{'user'}) || &error($text{'acl_euser'});
 	$who = $in{'user'};
 	}
 
-%minfo = $in{'mod'} ? &get_module_info($in{'mod'})
-		    : ( 'desc' => $text{'index_global'} );
-$below = &text($in{'group'} ? 'acl_title3' : 'acl_title2', "<tt>$who</tt>",
-	       "<tt>$minfo{'desc'}</tt>");
+my %minfo = $in{'mod'} ? &get_module_info($in{'mod'})
+		       : ( 'desc' => $text{'index_global'} );
+my $below = &text($in{'group'} ? 'acl_title3' : 'acl_title2', "<tt>$who</tt>",
+	          "<tt>$minfo{'desc'}</tt>");
 &ui_print_header($below, $text{'acl_title'}, "",
 		 -r &help_file($in{'mod'}, "acl_info") ?
 			[ "acl_info", $in{'mod'} ] : undef);
-%maccess = $in{'group'} ? &get_group_module_acl($who, $in{'mod'})
-		        : &get_module_acl($who, $in{'mod'}, 1);
+my %maccess = $in{'group'} ? &get_group_module_acl($who, $in{'mod'})
+		           : &get_module_acl($who, $in{'mod'}, 1);
 
 # display the form
 print &ui_form_start("save_acl.cgi", "post");
@@ -56,7 +61,7 @@ if ($in{'mod'}) {
 			[ [ 0, $text{'yes'} ], [ 1, $text{'no'} ] ]), 3);
 	}
 
-$mdir = &module_root_directory($in{'mod'});
+my $mdir = &module_root_directory($in{'mod'});
 if (-r "$mdir/acl_security.pl") {
 	print &ui_table_hr() if ($in{'mod'});
 	&foreign_require($in{'mod'}, "acl_security.pl");
diff --git a/acl/save_acl.cgi b/acl/save_acl.cgi
index 0965ad1cd..40b7acc05 100755
--- a/acl/save_acl.cgi
+++ b/acl/save_acl.cgi
@@ -2,24 +2,32 @@
 # save_acl.cgi
 # Save access control options for some module
 
+use strict;
+use warnings;
 require './acl-lib.pl';
+our (%in, %text, %config, %access, $base_remote_user, %gconfig,
+     $config_directory);
 &ReadParse();
+
+my $who;
 if ($in{'_acl_group'}) {
 	$access{'groups'} || &error($text{'acl_egroup'});
 	$who = $in{'_acl_group'};
 	}
 else {
-	$me = &get_user($base_remote_user);
-	@mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
-		$access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
-				       ( &list_modules(), "" );
+	my $me = &get_user($base_remote_user);
+	my @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
+		   $access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
+				          ( &list_modules(), "" );
 	&indexof($in{'_acl_mod'}, @mcan) >= 0 || &error($text{'acl_emod'});
 	&can_edit_user($in{'_acl_user'}) || &error($text{'acl_euser'});
 	$who = $in{'_acl_user'};
 	}
 
-$aclfile = $in{'_acl_group'} ? "$config_directory/$in{'_acl_mod'}/$who.gacl"
-			     : "$config_directory/$in{'_acl_mod'}/$who.acl";
+my $aclfile = $in{'_acl_group'} ? "$config_directory/$in{'_acl_mod'}/$who.gacl"
+			        : "$config_directory/$in{'_acl_mod'}/$who.acl";
+my %minfo = $in{'_acl_mod'} ? &get_module_info($in{'_acl_mod'})
+			    : ( 'desc' => $text{'index_global'} );
 if ($in{'reset'}) {
 	# Just remove the .acl file
 	&lock_file($aclfile);
@@ -40,6 +48,7 @@ if ($in{'reset'}) {
 else {
 	# Validate and store ACL settings
 	&error_setup($text{'acl_err'});
+	my %maccess;
 	$maccess{'noconfig'} = $in{'noconfig'};
 	if ($in{'rbac'}) {
 		# RBAC overrides everything
@@ -65,18 +74,15 @@ else {
 		&save_module_acl(\%maccess, $in{'_acl_user'},
 				 $in{'_acl_mod'},1);
 		}
-	chmod(0640, $aclfile) if (-r $aclfile);
+	&set_ownership_permissions(undef, undef, 0640, $aclfile);
 	&unlock_file($aclfile);
 
-	%minfo = $in{'_acl_mod'} ? &get_module_info($in{'_acl_mod'})
-				 : ( 'desc' => $text{'index_global'} );
-
 	if ($in{'_acl_group'}) {
 		# Recursively update the ACL for all member users and groups
 		# XXX ACL in DB?
-		@ulist = &list_users();
-		@glist = &list_groups();
-		($group) = grep { $_->{'name'} eq $in{'_acl_group'} } @glist;
+		my @ulist = &list_users();
+		my @glist = &list_groups();
+		my ($group) = grep { $_->{'name'} eq $in{'_acl_group'} } @glist;
 		&set_acl_files(\@ulist, \@glist, $in{'_acl_mod'},
 			       $group->{'members'}, \%maccess);
 		}