diff --git a/web/tunnel/apps.py b/web/tunnel/apps.py
index 9bde22d2c012b096878489522d1694698d020ff4..c1aa00d66ce862d57a18d7483dfb7690909b07a4 100644
--- a/web/tunnel/apps.py
+++ b/web/tunnel/apps.py
@@ -77,11 +77,21 @@ class TunnelConfig(AppConfig):
         HandlerModel(**data).save()
 
     def setup_db(self):
-        user_groups = {
-            "jupyterhub": ["access_to_webservice", "access_to_logging"],
-            "k8smgr": ["access_to_webservice_restart"],
-            "remotecheck": ["access_to_webservice_remote_check"],
-        }
+        user_groups = {}
+        for key in os.environ.keys():
+            if key.endswith("_USER_PASS"):
+                username = key[: -len("_USER_PASS")].lower()
+                if username == "jupyterhub":
+                    user_groups[username] = [
+                        "access_to_webservice",
+                        "access_to_logging",
+                    ]
+                elif username.startswith("k8smgr"):
+                    user_groups[username] = ["access_to_webservice_restart"]
+                elif username.startswith("remotecheck"):
+                    user_groups[username] = ["access_to_webservice_remote_check"]
+                else:
+                    user_groups[username] = ["access_to_webservice"]
 
         superuser_name = "admin"
         superuser_mail = os.environ.get("SUPERUSER_MAIL", "admin@example.com")
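Review bot: The final `else` in the new loop grants `access_to_webservice` to every name derived from an environment variable ending in `_USER_PASS`, so the previous fixed three-name allow-list becomes open-ended. The `startswith("k8smgr")` and `startswith("remotecheck")` branches likewise give restart and remote-check rights to any name with that prefix, and a variable named exactly `_USER_PASS` yields an empty username. If the open set is intended, say so in a comment such as `# every <NAME>_USER_PASS variable defines a service account; unknown names get webservice access only` and reject the empty name. Otherwise replace the assignment in the `else` with `log.warning("Ignoring %s: unknown service account", key)`. The body of `setup_db` continues past the end of this hunk.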
@@ -94,7 +104,11 @@ class TunnelConfig(AppConfig):
             userpass = os.environ.get(f"{username.upper()}_USER_PASS", None)
             if userpass:
                 self.create_user(username, userpass, groups=groups)
-
+            else:
+                log.info(
+                    f"Do not create user {username} - password is missing",
+                    extra={"uuidcode": "StartUp"},
+                )
 
     def ready(self):
         if os.environ.get("GUNICORN_START", "false").lower() == "true":
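Review bot: The added `else` reports a skipped account at info level, but an account that was configured and not created is something an operator should notice at startup, so `log.warning` fits better. Because the names now come from the environment itself, this branch presumably runs only when the variable is set but empty, or when its name is not all upper case (the lookup re-uppercases the lowercased name). A message like "password is empty or variable name is not upper case" would therefore be more accurate than "password is missing". The loop header is outside the hunk, so this reading of the control flow is inferred.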
diff --git a/web/tunnel/utils.py b/web/tunnel/utils.py
index 1e10ab8cf21141d898c755f4dd66b3201ff11206..1a30be6378c2129d0ddf842b9faf038173911880 100644
--- a/web/tunnel/utils.py
+++ b/web/tunnel/utils.py
@@ -119,14 +119,13 @@ def run_popen_cmd(
     # gunicorn preload app feature does not use gunicorn user/group but
     # the current uid instead. Which is root. We don't want to run commands as root.
     def set_uid():
-        def result():
+        try:
             os.setuid(1000)
-            os.setgid(100)
-
-        return result
+        except:
+            pass
 
     with subprocess.Popen(
-        cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE, preexec_fn=set_uid()
+        cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE, preexec_fn=set_uid
     ) as p:
         stdout, stderr = p.communicate()
         returncode = p.returncode
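Review bot: The bare `except: pass` in the new `set_uid` means a failed `os.setuid(1000)` is ignored and the command then runs with the parent's uid, which the comment above says is root, so the privilege drop fails open. The hunk also removes `os.setgid(100)` without a replacement, so even on success the child keeps the parent's gid and supplementary groups. The removed code called `setgid` after `setuid`, which cannot work once root is gone; the fix is to reorder the calls, not to drop the group change. Clear the supplementary groups, set the gid, then the uid, only when running as root, and let any error propagate so `Popen` raises instead of starting the command. `run_popen_cmd` starts before this hunk and continues after it.

```python
    def set_uid():
        # Nothing to drop (and setgid would fail) when not started as root.
        if os.geteuid() != 0:
            return
        # Order matters: groups and gid must change while still root.
        # No try/except: an error here must abort the child, not run it as root.
        os.setgroups([])
        os.setgid(100)
        os.setuid(1000)

    # … unchanged: subprocess.Popen(..., preexec_fn=set_uid) call …
```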