diff --git a/su.h b/su.h
index 57044a821..d9c00596c 100644
--- a/su.h
+++ b/su.h
@@ -89,6 +89,12 @@ struct su_user_info {
 // the user in android userspace (multiuser)
 // that invoked this action.
 unsigned android_user_id;
+ // path to superuser directory. this is populated according
+ // to the multiuser mode.
+ // this is used to check uid/gid for protecting socket.
+ // this is used instead of database, as it is more likely
+ // to exist. db will not exist if su has never launched.
+ char base_path[PATH_MAX];
 // path to su database. this is populated according
 // to the multiuser mode.
 char database_path[PATH_MAX];
diff --git a/su_daemon.c b/su_daemon.c
index e474479c2..0fa10dff5 100644
--- a/su_daemon.c
+++ b/su_daemon.c
@@ -156,9 +156,8 @@ void su_daemon_receiver(int client) {
 snprintf(su_ctx->user.database_path, PATH_MAX, "%s/%d/%s", USER_DATA_PATH, su_ctx->user.android_user_id, REQUESTOR_DATABASE_PATH);
- // verify if Magisk Manager is installed
+ // Check main Magisk Manager
 xstat(APP_DATA_PATH REQUESTOR, &su_ctx->st);
- // odd perms on superuser data dir
 if (su_ctx->st.st_gid != su_ctx->st.st_uid) {
 LOGE("Bad uid/gid %d/%d for Superuser Requestor application", su_ctx->st.st_uid, su_ctx->st.st_gid);
 info->policy = DENY;
@@ -172,6 +171,17 @@ void su_daemon_receiver(int client) {
 // Get data from database
 database_check(su_ctx);
+ if (su_ctx->info->multiuser_mode == MULTIUSER_MODE_USER) {
+ snprintf(su_ctx->user.base_path, PATH_MAX, "%s/%d/%s",
+ USER_DATA_PATH, su_ctx->user.android_user_id, REQUESTOR);
+ // Check the user installed Magisk Manager
+ xstat(su_ctx->user.base_path, &su_ctx->st);
+ if (su_ctx->st.st_gid != su_ctx->st.st_uid) {
+ LOGE("Bad uid/gid %d/%d for Superuser Requestor application", su_ctx->st.st_uid, su_ctx->st.st_gid);
+ info->policy = DENY;
+ }
+ }
+ // Handle multiuser denies
 if (su_ctx->user.android_user_id && su_ctx->info->multiuser_mode == MULTIUSER_MODE_OWNER_ONLY) {
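Review bot: The comment on `base_path` in su.h says the field is "populated according to the multiuser mode", but the only write visible in this commit (third hunk, su_daemon.c) sits inside `if (su_ctx->info->multiuser_mode == MULTIUSER_MODE_USER)`, so in every other mode the buffer holds whatever the struct was initialised with. Because the same comment says this path backs the uid/gid check that protects the socket, a later reader could treat it as always valid. Either state the restriction in the comment, e.g. `// only set when multiuser_mode == MULTIUSER_MODE_USER; unset otherwise`, or fill it for every mode next to `database_path`. struct su_user_info starts and ends outside the hunk.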
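Review bot: The result of `xstat(su_ctx->user.base_path, &su_ctx->st)` in the new MULTIUSER_MODE_USER block is never checked, so when the per-user directory is missing the uid/gid comparison appears to run on the `su_ctx->st` left by the earlier `xstat(APP_DATA_PATH REQUESTOR, ...)` and the new check passes without examining the user's install. Assuming xstat returns stat()'s result (its definition is not in this diff), fail closed with `if (xstat(su_ctx->user.base_path, &su_ctx->st) < 0 || su_ctx->st.st_gid != su_ctx->st.st_uid) {`. The comparison also only proves uid equals gid, not that the owner is the expected package uid, which is worth a comment if intentional. Both checks log the identical message, so adding the path (`"Bad uid/gid %d/%d for %s"` with `su_ctx->user.base_path`) would let log review tell which directory failed. su_daemon_receiver starts and ends outside the hunk.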