diff --git a/packaging/freebsd/colibri_daemon.in b/packaging/freebsd/colibri_daemon.in
index e78f65c..9f0f454 100644
--- a/packaging/freebsd/colibri_daemon.in
+++ b/packaging/freebsd/colibri_daemon.in
@@ -4,8 +4,9 @@
 #
 # colibri-daemon runs in the FOREGROUND — it does not self-daemonize or write a
 # pidfile. rc.d runs it under daemon(8), which backgrounds it, writes the
-# child pidfile (colibri-daemon PID), restarts on crash, drops privileges to
-# the colibri user, and redirects stdout/stderr (tracing) to a logfile.
+# child pidfile (colibri-daemon PID), restarts on crash, and redirects
+# stdout/stderr (tracing) to a logfile. rc.subr performs the privilege drop
+# through ${name}_user.
 #
 # Setup (one-time, as root):
 # pw groupadd colibri
@@ -37,7 +38,7 @@ load_rc_config $name
 : ${colibri_daemon_enable:="NO"}
 : ${colibri_daemon_user:="colibri"}
 : ${colibri_daemon_group:="colibri"}
-: ${colibri_daemon_program:="/usr/local/bin/colibri-daemon"}
+: ${colibri_daemon_binary:="/usr/local/bin/colibri-daemon"}
 : ${colibri_daemon_data_dir:="/var/db/colibri"}
 : ${colibri_daemon_run_dir:="/var/run/colibri"}
 : ${colibri_daemon_socket:="${colibri_daemon_run_dir}/colibri.sock"}
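Review bot: The rename of the default from `colibri_daemon_program` to `colibri_daemon_binary` is not explained anywhere in the hunk, and the reason matters: rc.subr(8) treats `${name}_program` as an override for `command`, so under the old name `command="/usr/sbin/daemon"` was being replaced by the bare binary and daemon(8)'s supervision, pidfiles and log redirection silently skipped. Nothing retires the old knob, so an rc.conf that still sets `colibri_daemon_program=` reintroduces exactly that, and rc.subr will honour it without a warning. I'd put the reason next to the new default, `# Not *_program: rc.subr treats ${name}_program as an override for $command.`, and add a guard in prestart such as `[ -z "${colibri_daemon_program}" ] || err 1 "colibri_daemon_program is obsolete; set colibri_daemon_binary"`. The hunk shows only the defaults block; the run_rc_command call that consumes them is outside it.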
@@ -54,11 +55,13 @@ supervisor_pidfile="${colibri_daemon_run_dir}/colibri-daemon-supervisor.pid"
 # Run colibri-daemon under daemon(8):
 # -P supervisor pidfile (the daemon(8) parent — used by stop)
 # -p child pidfile (writes colibri-daemon PID — used by start/status)
-# -r restart on crash, -t process title, -u drop to the colibri user,
+# -r restart on crash, -t process title,
 # -o append stdout/stderr to log.
+# rc.subr already runs the command as ${colibri_daemon_user}; do not also pass
+# daemon(8) -u or daemon(8) will try to drop privileges a second time.
 command="/usr/sbin/daemon"
-command_args="-P ${supervisor_pidfile} -p ${pidfile} -r -t ${name} -u ${colibri_daemon_user} \
- -o ${colibri_daemon_logfile} ${colibri_daemon_program}"
+command_args="-P ${supervisor_pidfile} -p ${pidfile} -r -t ${name} \
+ -o ${colibri_daemon_logfile} ${colibri_daemon_binary}"
 
 # Use the child's process name so rc.subr can find the right process via the
 # child pidfile. Using the daemon(8) supervisor path would collide with
@@ -81,6 +84,11 @@ colibri_daemon_prestart()
 install -d -o "${colibri_daemon_user}" -g "${colibri_daemon_group}" -m 0750 \
 "$(/usr/bin/dirname "${colibri_daemon_logfile}")"
 
+ # Remove stale runtime files while rc.d is still root. The daemon process
+ # runs as colibri and cannot unlink a stale socket left behind by a prior
+ # root/corrupt manual start.
+ rm -f "${colibri_daemon_socket}" "${pidfile}" "${supervisor_pidfile}"
+
 # Config is passed to the child via the environment.
 export COLIBRI_DAEMON_DATA_DIR="${colibri_daemon_data_dir}"
 export COLIBRI_DAEMON_SOCKET="${colibri_daemon_socket}"
@@ -101,6 +109,8 @@ colibri_daemon_poststart()
 
 if [ -S "${colibri_daemon_socket}" ]; then
 echo "colibri-daemon socket ready after ${waited}s"
+ chmod 644 "${pidfile}" 2>/dev/null || true
+ chmod 660 "${colibri_daemon_socket}" 2>/dev/null || true
 else
 echo "WARNING: colibri-daemon socket not ready after ${timeout}s"
 fi
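Review bot: The `rm -f` of the socket and both pidfiles runs unconditionally in prestart, so it also unlinks the socket of a daemon that is still alive but that rc.subr could not match through the pidfile — the "manual start" case the new comment itself describes. The old process then keeps serving an unlinked path while the new instance binds a fresh one, and clients are split between the two. Before removing, check that nothing is bound to the path, e.g. `if sockstat -u | grep -qF -- "${colibri_daemon_socket}"; then err 1 "${colibri_daemon_socket} is still in use"; fi` (sockstat(1) -u should list unix-domain sockets by bound path; confirm the column format). The unlinks themselves are fine to do as root here, since rm does not follow symlinks. colibri_daemon_prestart starts before this hunk and continues after it.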
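Review bot: Both new chmod calls run as root on paths inside `${colibri_daemon_run_dir}`, a directory the daemon user must be able to write (this patch's prestart comment says the daemon creates the socket there), and chmod follows symlinks: a compromised colibri-daemon that swaps `${pidfile}` for a symlink to a root-owned file gets that file set to 644, i.e. made world-readable. The `[ -S ]` test covers only the socket and is a separate syscall from the chmod, so it does not close the window either. Use `chmod -h` so a link's target is never touched, refuse symlinks outright, and do not discard the error with `2>/dev/null || true` — if the intended mode cannot be set the operator should see it (`warn` comes from rc.subr). The cleaner long-term fix is to not need root chmods at all: have the daemon set its own socket mode after bind, or set `colibri_daemon_umask` (rc.subr's `${name}_umask`, where the installed rc.subr supports it) so the files are created with the intended modes. The wait loop that sets `waited` is above the hunk.
```sh
		echo "colibri-daemon socket ready after ${waited}s"
		# root must not chmod through a symlink planted in the daemon-writable run dir.
		if [ -L "${pidfile}" ] || [ -L "${colibri_daemon_socket}" ]; then
			warn "symlink found in ${colibri_daemon_run_dir}; leaving modes unchanged"
		else
			chmod -h 644 "${pidfile}" || warn "chmod ${pidfile} failed"
			chmod -h 660 "${colibri_daemon_socket}" || warn "chmod ${colibri_daemon_socket} failed"
		fi
```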