diff --git a/m/common/base/users.nix b/m/common/base/users.nix
index f65616c1..539b5b0e 100644
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -224,6 +224,8 @@
 
     groups = {
       Computational = { gid = 564; };
+      fox = { gid = 565; };
+      owl = { gid = 566; };
       tracing = { };
     };
   };
diff --git a/m/module/jungle-users.nix b/m/module/jungle-users.nix
index 9601d299..900dfad5 100644
--- a/m/module/jungle-users.nix
+++ b/m/module/jungle-users.nix
@@ -17,8 +17,13 @@ with lib;
     allowedUser = host: userConf: builtins.elem host userConf.hosts;
     filterUsers = host: users: filterAttrs (n: v: allowedUser host v) users;
     removeHosts = users: mapAttrs (n: v: builtins.removeAttrs v [ "hosts" ]) users;
+    addExtraGroups = mapAttrs (_: user: user // {
+        extraGroups = (user.extraGroups or [ ])
+          ++ (lib.optionals (allowedUser "fox" user) [ "fox" ])
+          ++ (lib.optionals (allowedUser "owl1" user || allowedUser "owl2" user) [ "owl" ]);
+      });
     currentHost = config.networking.hostName;
   in {
-    users.users = removeHosts (filterUsers currentHost config.users.jungleUsers);
+    users.users = removeHosts (addExtraGroups (filterUsers currentHost config.users.jungleUsers));
   };
 }
diff --git a/m/module/slurm-common.nix b/m/module/slurm-common.nix
index 70dbf6cf..8c48dd6e 100644
--- a/m/module/slurm-common.nix
+++ b/m/module/slurm-common.nix
@@ -10,8 +10,8 @@
     ];
 
     partitionName = [
-      "owl Nodes=owl[1-2]     Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
-      "fox Nodes=fox          Default=NO  DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
+      "owl Nodes=owl[1-2]     Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP AllowGroups=wheel,owl"
+      "fox Nodes=fox          Default=NO  DefaultTime=01:00:00 MaxTime=INFINITE State=UP AllowGroups=wheel,fox"
     ];
 
     # See slurm.conf(5) for more details about these options.