diff --git a/debian/postinst b/debian/postinst
index 1d3860224..26279bce7 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -20,7 +20,7 @@ if [ "$1" = configure ]; then
     fi
     
     . /usr/share/crowdsec/wizard.sh -n
-    if ! [[ -f /etc/crowdsec/config.yaml ]]; then
+    if ! [[ -f /etc/crowdsec/acquis.yaml ]]; then
         echo Creating /etc/crowdsec/acquis.yaml
         set +e
         SILENT=true detect_services
diff --git a/rpm/SOURCES/user.patch b/rpm/SOURCES/user.patch
new file mode 100644
index 000000000..b2df21840
--- /dev/null
+++ b/rpm/SOURCES/user.patch
@@ -0,0 +1,11 @@
+--- config/config.yaml-orig	2021-09-08 12:04:29.758785098 +0200
++++ config/config.yaml	2021-09-08 12:04:39.866856057 +0200
+@@ -32,7 +32,7 @@
+     max_age: 7d
+ plugin_config:
+   user: nobody # plugin process would be ran on behalf of this user
+-  group: nogroup # plugin process would be ran on behalf of this group
++  group: nobody # plugin process would be ran on behalf of this group
+ api:
+   client:
+     insecure_skip_verify: false
diff --git a/rpm/SPECS/crowdsec.spec b/rpm/SPECS/crowdsec.spec
index 738834237..481b118bf 100644
--- a/rpm/SPECS/crowdsec.spec
+++ b/rpm/SPECS/crowdsec.spec
@@ -11,6 +11,7 @@ Source1:        80-%{name}.preset
 Patch0:         crowdsec.unit.patch
 Patch1:         fix-wizard.patch
 Patch2:         config.patch
+Patch3:         user.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  git
@@ -36,6 +37,7 @@ BuildRequires:  systemd
 %patch0
 %patch1
 %patch2
+%patch3
 
 %build
 BUILD_VERSION=%{local_version} make
diff --git a/scripts/func_tests/config/http.yaml b/scripts/func_tests/config/http.yaml
index c7f7b2572..a834e8a8c 100644
--- a/scripts/func_tests/config/http.yaml
+++ b/scripts/func_tests/config/http.yaml
@@ -16,8 +16,7 @@ method: POST # eg either of "POST", "GET", "PUT" and other http verbs is valid v
 
 # skip_tls_verification:  # either true or false. Default is false
 
-# group_wait: # duration to wait collecting alerts before sending to this plugin, eg "30s"
-
+group_wait: 5s # duration to wait collecting alerts before sending to this plugin, eg "30s"
 group_threshold: 2 # if alerts exceed this, then the plugin will be sent the message. eg "10"
 
 # max_retry: # number of tries to attempt to send message to plugins in case of error.
diff --git a/scripts/func_tests/tests_post-install_0base.sh b/scripts/func_tests/tests_post-install_0base.sh
index 5270818ae..5e0f4a90b 100755
--- a/scripts/func_tests/tests_post-install_0base.sh
+++ b/scripts/func_tests/tests_post-install_0base.sh
@@ -5,6 +5,8 @@ source tests_base.sh
 
 echo $PATH
 
+sudo cp /etc/crowdsec/config.yaml ./config.yaml.backup
+
 ##########################
 ## TEST AGENT/LAPI/CAPI ##
 echo "CROWDSEC (AGENT+LAPI+CAPI)"
@@ -155,4 +157,6 @@ ${CSCLI_BIN} -c ./config/config_no_capi.yaml metrics || fail "failed to get metr
 
 sudo mv /tmp/crowdsec.service-orig /etc/systemd/system/crowdsec.service 
 
+sudo cp ./config.yaml.backup /etc/crowdsec/config.yaml 
+
 ${SYSTEMCTL} restart crowdsec
diff --git a/scripts/func_tests/tests_post-install_7_plugin.sh b/scripts/func_tests/tests_post-install_7_plugin.sh
index 8719f9b8a..010eb0057 100755
--- a/scripts/func_tests/tests_post-install_7_plugin.sh
+++ b/scripts/func_tests/tests_post-install_7_plugin.sh
@@ -11,8 +11,8 @@ function backup () {
 }
 
 function restore_backup () {
-    cat ./backup_profiles.yaml > /etc/crowdsec/profiles.yaml  
-    cat ./backup_http.yaml > /etc/crowdsec/notifications/http.yaml
+    cat ./backup_profiles.yaml | sudo tee /etc/crowdsec/profiles.yaml > /dev/null
+    cat ./backup_http.yaml | sudo tee /etc/crowdsec/notifications/http.yaml > /dev/null
 }
 
 function clear_backup() {
@@ -21,9 +21,13 @@ function clear_backup() {
 }
 
 function modify_config() {
-    cp ./config/http.yaml /etc/crowdsec/notifications/http.yaml
-    cp ./config/profiles.yaml /etc/crowdsec/profiles.yaml
-    systemctl restart crowdsec
+    PLUGINS_DIR=$(find /usr -type d -wholename "*"crowdsec/plugins)
+    sed -i "s#/usr/local/lib/crowdsec/plugins#${PLUGINS_DIR}#g" ./config/config.yaml
+    cat ./config/config.yaml | sudo tee /etc/crowdsec/config.yaml > /dev/null
+    cat ./config/http.yaml | sudo tee /etc/crowdsec/notifications/http.yaml > /dev/null
+    cat ./config/profiles.yaml | sudo tee /etc/crowdsec/profiles.yaml > /dev/null
+    ${SYSTEMCTL} restart crowdsec
+    sleep 5s
 }
 
 function setup_tests() {
@@ -39,18 +43,22 @@ function cleanup_tests() {
     clear_backup
     kill -9 $MOCK_SERVER_PID
     rm mock_http_server_logs.log
-    systemctl restart crowdsec
+    ${SYSTEMCTL} restart crowdsec
+    sleep 5s
 }
 
 function run_tests() {
     log_line_count=$(cat mock_http_server_logs.log | wc -l)
+
     if [[ $log_line_count -ne "0" ]] ; then
         cleanup_tests
         fail "expected 0 log lines fom mock http server before adding decisions"
     fi
-    cscli decisions add --ip 1.2.3.4 --duration 30s
-    cscli decisions add --ip 1.2.3.5 --duration 30s
+
+    ${CSCLI} decisions add --ip 1.2.3.4 --duration 30s
+    ${CSCLI} decisions add --ip 1.2.3.5 --duration 30s
     sleep 5
+    cat mock_http_server_logs.log
     log_line_count=$(cat mock_http_server_logs.log | wc -l)
     if [[ $log_line_count -ne "1" ]] ; then
         cleanup_tests
@@ -78,4 +86,5 @@ function run_tests() {
 
 setup_tests
 run_tests
-cleanup_tests
\ No newline at end of file
+cleanup_tests
+