diff --git a/src/imap-urlauth/imap-urlauth-worker.c b/src/imap-urlauth/imap-urlauth-worker.c
index 07a0a08b98..5c50d770fb 100644
--- a/src/imap-urlauth/imap-urlauth-worker.c
+++ b/src/imap-urlauth/imap-urlauth-worker.c
@@ -970,8 +970,6 @@ int main(int argc, char *argv[])
 			MASTER_SERVICE_FLAG_STD_CLIENT;
 	} else {
 		service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
-		storage_service_flags |=
-			MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
 	}
 
 	master_service = master_service_init("imap-urlauth-worker", service_flags,
diff --git a/src/imap/main.c b/src/imap/main.c
index c6170bd2eb..efd413381d 100644
--- a/src/imap/main.c
+++ b/src/imap/main.c
@@ -449,7 +449,6 @@ int main(int argc, char *argv[])
 	} else {
 		service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
 		storage_service_flags |=
-			MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
 			MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES;
 
 		/*
diff --git a/src/indexer/indexer-worker.c b/src/indexer/indexer-worker.c
index 32ee9d8cdc..50645b761e 100644
--- a/src/indexer/indexer-worker.c
+++ b/src/indexer/indexer-worker.c
@@ -49,7 +49,6 @@ int main(int argc, char *argv[])
 		MASTER_SERVICE_FLAG_SEND_STATS |
 		MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
 	enum mail_storage_service_flags storage_service_flags =
-		MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
 		MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP |
 		MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP |
 		MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT;
diff --git a/src/lda/main.c b/src/lda/main.c
index 80b1114230..998bfdd35e 100644
--- a/src/lda/main.c
+++ b/src/lda/main.c
@@ -411,8 +411,7 @@ int main(int argc, char *argv[])
 	service_input.service = "lda";
 	service_input.username = user;
 
-	service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
-		MAIL_STORAGE_SERVICE_FLAG_USE_SYSEXITS;
+	service_flags |= MAIL_STORAGE_SERVICE_FLAG_USE_SYSEXITS;
 	storage_service = mail_storage_service_init(master_service, set_roots,
 						    service_flags);
 	mail_deliver_hooks_init();
diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
index 11a45c2d8f..0a27b745b9 100644
--- a/src/lib-storage/mail-storage-service.c
+++ b/src/lib-storage/mail-storage-service.c
@@ -1467,7 +1467,7 @@ mail_storage_service_next_real(struct mail_storage_service_ctx *ctx,
 	const char *error;
 	size_t len;
 	bool allow_root =
-		(user->flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) == 0;
+		(user->flags & MAIL_STORAGE_SERVICE_FLAG_ALLOW_ROOT) != 0;
 	bool temp_priv_drop =
 		(user->flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0;
 	bool use_chroot;
diff --git a/src/lib-storage/mail-storage-service.h b/src/lib-storage/mail-storage-service.h
index fe49607737..8861d6839e 100644
--- a/src/lib-storage/mail-storage-service.h
+++ b/src/lib-storage/mail-storage-service.h
@@ -10,8 +10,8 @@ struct setting_parser_info;
 struct mail_storage_service_user;
 
 enum mail_storage_service_flags {
-	/* Fail if we don't drop root privileges */
-	MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT		= 0x01,
+	/* Allow not dropping root privileges */
+	MAIL_STORAGE_SERVICE_FLAG_ALLOW_ROOT		= 0x01,
 	/* Lookup user from userdb */
 	MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP		= 0x02,
 	/* Force mail_debug=yes */
diff --git a/src/lmtp/main.c b/src/lmtp/main.c
index b73a5e290a..f9800fbe4e 100644
--- a/src/lmtp/main.c
+++ b/src/lmtp/main.c
@@ -113,7 +113,6 @@ int main(int argc, char *argv[])
 		MASTER_SERVICE_FLAG_SEND_STATS |
 		MASTER_SERVICE_FLAG_USE_SSL_SETTINGS;
 	enum mail_storage_service_flags storage_service_flags =
-		MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
 		MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP |
 		MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP |
 		MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT |
diff --git a/src/plugins/quota/quota-status.c b/src/plugins/quota/quota-status.c
index 431a980e67..0b58c17645 100644
--- a/src/plugins/quota/quota-status.c
+++ b/src/plugins/quota/quota-status.c
@@ -224,6 +224,7 @@ static void main_init(void)
 
 	clients = connection_list_init(&client_set, &client_vfuncs);
 	storage_service = mail_storage_service_init(master_service, set_roots,
+		MAIL_STORAGE_SERVICE_FLAG_ALLOW_ROOT |
 		MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP |
 		MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP |
 		MAIL_STORAGE_SERVICE_FLAG_ENABLE_CORE_DUMPS |
diff --git a/src/pop3/main.c b/src/pop3/main.c
index bb1a248d69..85916c3cb7 100644
--- a/src/pop3/main.c
+++ b/src/pop3/main.c
@@ -338,8 +338,6 @@ int main(int argc, char *argv[])
 			MASTER_SERVICE_FLAG_STD_CLIENT;
 	} else {
 		service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
-		storage_service_flags |=
-			MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
 	}
 
 	/*
diff --git a/src/submission/main.c b/src/submission/main.c
index b1488214e2..605fc8caa6 100644
--- a/src/submission/main.c
+++ b/src/submission/main.c
@@ -285,8 +285,6 @@ int main(int argc, char *argv[])
 			MASTER_SERVICE_FLAG_STD_CLIENT;
 	} else {
 		service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
-		storage_service_flags |=
-			MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
 	}
 
 	master_service = master_service_init("submission", service_flags,
diff --git a/src/util/script-login.c b/src/util/script-login.c
index 0954b47c50..2213edf893 100644
--- a/src/util/script-login.c
+++ b/src/util/script-login.c
@@ -26,6 +26,7 @@ static bool drop_to_userdb_privileges = FALSE;
 static void client_connected(struct master_service_connection *conn)
 {
 	enum mail_storage_service_flags flags =
+		MAIL_STORAGE_SERVICE_FLAG_ALLOW_ROOT |
 		MAIL_STORAGE_SERVICE_FLAG_NO_PLUGINS;
 	string_t *instr, *keys;
 	const char *const *args, *key, *value, *error, *version_line, *data_line;