diff --git a/CHANGELOG.md b/CHANGELOG.md
index e7b7d78..b8ec5c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,9 @@
 * MQSC files supplied will be verified before being run. Files containing invalid MQSC will cause the container to fail to start
 
 Other changes:
-* Security Fixes
+* Security fixes
+* Web console added to production image
+* Container built on RedHat host
 
 ## 9.1.2.0 (2019-03-21)
 
diff --git a/cmd/runmqserver/main.go b/cmd/runmqserver/main.go
index d25810b..00ce9ec 100644
--- a/cmd/runmqserver/main.go
+++ b/cmd/runmqserver/main.go
@@ -109,12 +109,36 @@ func doMain() error {
 		logTermination(err)
 		return err
 	}
+
 	err = createDirStructure()
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 
+	// handle /var/mqm/ permissions in upgrade to UBI
+	if *initFlag {
+		varMqmDirs := []string{
+			"/var/mqm/config",
+			"/var/mqm/conv",
+			"/var/mqm/errors",
+			"/var/mqm/exits",
+			"/var/mqm/exits64",
+			"/var/mqm/log",
+			"/var/mqm/mqft",
+			"/var/mqm/qmgrs",
+			"/var/mqm/shared",
+			"/var/mqm/sockets",
+			"/var/mqm/trace",
+			"/var/mqm/web",
+		}
+		err = configureOwnership(varMqmDirs)
+		if err != nil {
+			logTermination(err)
+			return err
+		}
+	}
+
 	// If init flag is set, exit now
 	if *initFlag {
 		return nil
diff --git a/cmd/runmqserver/qmgr.go b/cmd/runmqserver/qmgr.go
index 14b5a49..5cf15b5 100644
--- a/cmd/runmqserver/qmgr.go
+++ b/cmd/runmqserver/qmgr.go
@@ -24,6 +24,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/ibm-messaging/mq-container/internal/command"
 	containerruntime "github.com/ibm-messaging/mq-container/internal/containerruntime"
 	"github.com/ibm-messaging/mq-container/internal/mqscredact"
@@ -41,6 +43,47 @@ func createDirStructure() error {
 	return nil
 }
 
+// configureOwnership recursively handles ownership of files within the given filepath
+func configureOwnership(paths []string) error {
+	uid, gid, err := command.LookupMQM()
+	if err != nil {
+		return err
+	}
+	var fileInfo *unix.Stat_t
+	fileInfo = new(unix.Stat_t)
+	for _, root := range paths {
+		_, err = os.Stat(root)
+		if err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return err
+		}
+		err = filepath.Walk(root, func(from string, info os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+			to := fmt.Sprintf("%v%v", root, from[len(root):])
+			err = unix.Stat(to, fileInfo)
+			if err != nil {
+				return err
+			}
+			fileUID := fmt.Sprint(fileInfo.Uid)
+			if strings.Compare(fileUID, "999") == 0 {
+				err = os.Chown(to, uid, gid)
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // createQueueManager creates a queue manager, if it doesn't already exist.
 // It returns true if one was created (or a standby was created), or false if one already existed
 func createQueueManager(name string) (bool, error) {