diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py
index d98250629..0c8445bd6 100644
--- a/src/yunohost/backup.py
+++ b/src/yunohost/backup.py
@@ -40,7 +40,7 @@ from moulinette import msignals, m18n
 from yunohost.utils.error import YunohostError
 from moulinette.utils import filesystem
 from moulinette.utils.log import getActionLogger
-from moulinette.utils.filesystem import read_file
+from moulinette.utils.filesystem import read_file, mkdir
 
 from yunohost.app import (
     app_info, _is_installed, _parse_app_instance_name, _patch_php5
@@ -2295,7 +2295,9 @@ def _create_archive_dir():
         if os.path.lexists(ARCHIVES_PATH):
             raise YunohostError('backup_output_symlink_dir_broken', path=ARCHIVES_PATH)
 
-        os.mkdir(ARCHIVES_PATH, 0o750)
+        # Create the archive folder, with 'admin' as owner, such that
+        # people can scp archives out of the server
+        mkdir(ARCHIVES_PATH, mode=0o750, parents=True, uid="admin", gid="root")
 
 
 def _call_for_each_path(self, callback, csv_path=None):
diff --git a/src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py b/src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py
index 11b450479..0abb18a26 100644
--- a/src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py
+++ b/src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py
@@ -2,6 +2,7 @@ import re
 
 from moulinette import m18n
 from moulinette.utils.log import getActionLogger
+from moulinette.utils.filesystem import chown
 
 from yunohost.tools import Migration
 from yunohost.service import service_regen_conf, \
@@ -9,6 +10,8 @@ from yunohost.service import service_regen_conf, \
                              _calculate_hash
 from yunohost.settings import settings_set, settings_get
 from yunohost.utils.error import YunohostError
+from yunohost.backup import ARCHIVES_PATH
+
 
 logger = getActionLogger('yunohost.migration')
 
@@ -34,6 +37,10 @@ class MyMigration(Migration):
         settings_set("service.ssh.allow_deprecated_dsa_hostkey", False)
         service_regen_conf(names=['ssh'], force=True)
 
+        # Update local archives folder permissions, so that
+        # admin can scp archives out of the server
+        chown(ARCHIVES_PATH, uid="admin", gid="root")
+
     def backward(self):
 
         raise YunohostError("migration_0008_backward_impossible")