diff --git a/build_sdcard.sh b/build_sdcard.sh index bc27bb5d4..a7c013ae4 100755 --- a/build_sdcard.sh +++ b/build_sdcard.sh @@ -443,6 +443,11 @@ echo "*** ADDING GROUPS FOR CREDENTIALS STORE ***" sudo /usr/sbin/groupadd --force --gid 9700 lndadmin sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly +sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices +sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier +sudo /usr/sbin/groupadd --force --gid 9705 lndsigner +sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit +sudo /usr/sbin/groupadd --force --gid 9707 lndrouter echo "" echo "*** SWAP FILE ***" diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 2a5f3823a..a1531862d 100644 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh @@ -66,6 +66,8 @@ if [ "${loop}" != "${choice}" ]; then errorOnInstall=$? if [ "${choice}" = "on" ]; then if [ ${errorOnInstall} -eq 0 ]; then + # check macaroons and fix missing + /home/admin/config.scripts/lnd.credential.sh check sudo systemctl start loopd /home/admin/config.scripts/bonus.loop.sh menu else diff --git a/home.admin/config.scripts/bonus.bos.sh b/home.admin/config.scripts/bonus.bos.sh index 5c91acfb7..1768e90aa 100644 --- a/home.admin/config.scripts/bonus.bos.sh +++ b/home.admin/config.scripts/bonus.bos.sh @@ -54,7 +54,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # create symlink sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/bos/.lnd" - # make sure rtl is member of lndadmin + # add user to group with admin access to lnd sudo /usr/sbin/usermod --append --groups lndadmin bos # install bos diff --git a/home.admin/config.scripts/bonus.loop.sh b/home.admin/config.scripts/bonus.loop.sh index 510b53729..4c96ca45d 100644 --- a/home.admin/config.scripts/bonus.loop.sh +++ b/home.admin/config.scripts/bonus.loop.sh 
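Review bot: The call added in 00settingsMenuServices.sh names `/home/admin/config.scripts/lnd.credential.sh`, but the script this commit extends is `lnd.credentials.sh`. Unless a file with the shorter name exists elsewhere, the macaroon check fails to run and `sudo systemctl start loopd` goes ahead regardless. The line should read `/home/admin/config.scripts/lnd.credentials.sh check`. A similar slip is in the new `check` branch of lnd.credentials.sh (hunk `@@ -167,6 +209,15 @@`), which calls `/home/admin/config.scrips/lnd.creds.sh reset keepold` instead of `/home/admin/config.scripts/lnd.credentials.sh reset keepold`, so missing macaroons would be reported but never repaired. The enclosing `if` block starts and ends outside this hunk.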
@@ -33,25 +33,58 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then isInstalled=$(sudo ls /etc/systemd/system/loopd.service 2>/dev/null | grep -c 'loopd.service') if [ ${isInstalled} -eq 0 ]; then + + # install Go /home/admin/config.scripts/bonus.go.sh on # get Go vars source /etc/profile - cd /home/bitcoin - sudo -u bitcoin git clone https://github.com/lightninglabs/loop.git - cd /home/bitcoin/loop + # create dedicated user + sudo adduser --disabled-password --gecos "" loop + + # make sure symlink to central app-data directory exists ***" + sudo rm -rf /home/loop/.lnd # not a symlink.. delete it silently + # create symlink + sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/loop/.lnd" + + # sync all macaroons and unix groups for access + /home/admin/config.scripts/lnd.credentials.sh sync + # macaroons will be checked after install + + # add user to group with admin access to lnd + sudo /usr/sbin/usermod --append --groups lndadmin loop + # add user to group with readonly access on lnd + sudo /usr/sbin/usermod --append --groups lndreadonly loop + # add user to group with invoice access on lnd + sudo /usr/sbin/usermod --append --groups lndinvoice loop + # add user to groups with all macaroons + sudo /usr/sbin/usermod --append --groups lndinvoices loop + sudo /usr/sbin/usermod --append --groups lndchainnotifier loop + sudo /usr/sbin/usermod --append --groups lndsigner loop + sudo /usr/sbin/usermod --append --groups lndwalletkit loop + sudo /usr/sbin/usermod --append --groups lndrouter loop + + # install from source + cd /home/loop + sudo -u loop git clone https://github.com/lightninglabs/loop.git + cd /home/loop/loop + # https://github.com/lightninglabs/loop/releases - source <(sudo -u admin /home/admin/config.scripts/lnd.update.sh info) - if [ ${lndInstalledVersionMain} -lt 10 ]; then - sudo -u bitcoin git reset --hard v0.5.1-beta - else - sudo -u bitcoin git reset --hard v0.6.5-beta - fi - cd /home/bitcoin/loop/cmd + sudo -u loop git reset --hard v0.8.0-beta + cd 
/home/loop/loop/cmd go install ./... # make systemd service + + if [ "${runBehindTor}" = "on" ]; then + echo "Will connect to Loop server through Tor" + proxy="--server.proxy=127.0.0.1:9050" + else + echo "Will connect to Loop server through clearnet" + proxy="" + fi + # sudo nano /etc/systemd/system/loopd.service echo " [Unit] @@ -59,10 +92,10 @@ Description=Loopd Service After=lnd.service [Service] -WorkingDirectory=/home/bitcoin/loop -ExecStart=/usr/local/gocode/bin/loopd --network=${chain}net -User=bitcoin -Group=bitcoin +WorkingDirectory=/home/loop/loop +ExecStart=/usr/local/gocode/bin/loopd --network=${chain}net ${proxy} +User=loop +Group=loop Type=simple KillMode=process TimeoutSec=60 @@ -102,10 +135,13 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then isInstalled=$(sudo ls /etc/systemd/system/loopd.service 2>/dev/null | grep -c 'loopd.service') if [ ${isInstalled} -eq 1 ]; then echo "*** REMOVING LIGHTNING LOOP SERVICE ***" + # remove the systemd service sudo systemctl stop loopd sudo systemctl disable loopd sudo rm /etc/systemd/system/loopd.service - sudo rm -rf /home/bitcoin/loop + # delete user + sudo userdel -rf loop + # delete Go packages sudo rm /usr/local/gocode/bin/loop sudo rm /usr/local/gocode/bin/loopd echo "OK, the Loop Service is removed." diff --git a/home.admin/config.scripts/lnd.credentials.sh b/home.admin/config.scripts/lnd.credentials.sh index 545fbc981..99f01362b 100755 --- a/home.admin/config.scripts/lnd.credentials.sh +++ b/home.admin/config.scripts/lnd.credentials.sh @@ -3,7 +3,7 @@ # command info if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "tool to reset or sync credentials (e.g. macaroons)" - echo "lnd.credentials.sh [reset|sync] [?tls|macaroons]" + echo "lnd.credentials.sh [reset|sync|check] [?tls|macaroons|keepold]" exit 1 fi 
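Review bot: In the bonus.loop.sh install hunk, `sudo -u loop git reset --hard v0.8.0-beta` builds whatever the tag resolves to at clone time, with no signature or hash check. The resulting `loopd` runs as a user this hunk adds to `lndadmin` and every other macaroon group. A tag can be moved upstream, so pin the build to the full commit hash, e.g. `sudo -u loop git reset --hard COMMIT_HASH_PLACEHOLDER`, or, if the project signs its release tags, run `sudo -u loop git verify-tag v0.8.0-beta || exit 1` after importing the signer's key. The `cd` and `git clone` steps are also unchecked, so after a failed clone `go install ./...` runs in whatever directory the script is left in; `cd /home/loop/loop || exit 1` would stop that. The enclosing `if` branch continues outside the hunk.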
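Review bot: In the unit-file hunk of bonus.loop.sh, `${proxy}` is expanded once, when the unit is written, so the Tor/clearnet decision made in the previous hunk is frozen into `ExecStart`. If `runBehindTor` is unset at install time (where it is loaded is not visible here), or Tor is switched on later, loopd presumably keeps reaching the Loop server over clearnet until the unit is regenerated. A comment above the `echo "` that writes the unit would make this visible, such as `# NOTE: proxy is fixed at install time; rewrite this unit when the Tor setting changes`. The script that toggles Tor is the natural place to rewrite the unit. The quoted unit text starts and ends outside the hunk.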
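Review bot: In the removal hunk of bonus.loop.sh, the symlink `/home/loop/.lnd` should be removed explicitly before `sudo userdel -rf loop`. The install branch points that link at `/mnt/hdd/app-data/lnd/`, and the forced recursive home deletion is expected to unlink it rather than follow it, but the shared LND data should not depend on that behaviour; add `sudo rm -f /home/loop/.lnd` on the line before. Installs made before this change also keep `/home/bitcoin/loop`, which this branch no longer removes, and on those nodes `userdel` has no `loop` user to delete.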
@@ -59,6 +59,23 @@ function copy_mac_set_perms() { sudo /bin/chmod --silent 640 /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}" } +function check_macaroons() { +macaroons="admin.macaroon invoice.macaroon readonly.macaroon invoices.macaroon chainnotifier.macaroon signer.macaroon walletkit.macaroon router.macaroon" +missing=0 +for macaroon in $macaroons +do + local file_name=${macaroon} + local n=${1:-bitcoin} # the network (e.g. bitcoin or litecoin) defaults to bitcoin + local c=${2:-main} # the chain (e.g. main, test, sim, reg) defaults to main (for mainnet) + if [ ! -f /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${macaroon}" ]; then + missing=$(($missing + 1)) + echo "# ${macaroon} is missing ($missing)" + else + echo "# ${macaroon} is present" + fi +done +} + ########################### # RESET Macaroons and TLS ########################### @@ -78,18 +95,28 @@ if [ "$1" = "reset" ]; then resetMacaroons=0 fi if [ "$2" == "macaroons" ]; then - echo "# just resetting Macaroons" + echo "# just resetting macaroons" resetTLS=0 resetMacaroons=1 + keepOldMacaroons=0 fi - + if [ "$2" == "keepold" ]; then + echo "# add the missing default macaroons without deauthenticating the old ones" + resetTLS=0 + resetMacaroons=1 + keepOldMacaroons=1 + fi + + if [ ${resetMacaroons} -eq 1 ]; then echo "## Resetting Macaroons" echo "# all your macaroons get deleted and recreated" cd || exit sudo find /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete sudo find /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete - sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db + if [ ${keepOldMacaroons} -eq 0 ]; then + sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db + fi fi if [ ${resetTLS} -eq 1 ]; then 
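Review bot: `check_macaroons` returns its result only through the global `missing`, which the `check` branch reads later. Meanwhile `macaroons` and `macaroon` leak as globals, `file_name` is assigned but never used, and the two `local` declarations are repeated on every loop iteration. I would declare `local macaroons macaroon`, hoist `local n=${1:-bitcoin}` and `local c=${2:-main}` above the `for`, drop `file_name`, and add a header comment such as `# sets global $missing to the number of default macaroons not found under app-data`. The `-f` test runs without sudo, so a caller that cannot traverse the directory would see every macaroon as missing; the header comment should say which user is expected to call it.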
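Review bot: In the reset hunk of lnd.credentials.sh, `keepOldMacaroons` is assigned only inside the `macaroons` and `keepold` branches. On a plain `reset` with no second argument (assuming `resetMacaroons` defaults to 1 above the hunk), the new `if [ ${keepOldMacaroons} -eq 0 ]` expands to `[ -eq 0 ]`, errors out, and `macaroons.db` is left in place. A full reset would then delete the macaroon files without deauthenticating the previously issued ones, which is the behaviour the `keepold` message describes. Initialise `keepOldMacaroons=0` next to the other flags and quote the test: `if [ "${keepOldMacaroons}" -eq 0 ]; then`. The message `# all your macaroons get deleted and recreated` is also printed in `keepold` mode, where it is not accurate.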
@@ -126,10 +153,25 @@ elif [ "$1" = "sync" ]; then echo "# make sure LND app-data directories exist" sudo /bin/mkdir --mode 0755 --parents /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/ + echo `# make sure all user groups exit for default macaroons` + sudo /usr/sbin/groupadd --force --gid 9700 lndadmin + sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice + sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly + sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices + sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier + sudo /usr/sbin/groupadd --force --gid 9705 lndsigner + sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit + sudo /usr/sbin/groupadd --force --gid 9707 lndrouter + echo "# copy macaroons to central app-data directory and ensure unix ownerships and permissions" copy_mac_set_perms admin.macaroon lndadmin "${network}" "${chain}" copy_mac_set_perms invoice.macaroon lndinvoice "${network}" "${chain}" copy_mac_set_perms readonly.macaroon lndreadonly "${network}" "${chain}" + copy_mac_set_perms invoices.macaroon lndinvoices "${network}" "${chain}" + copy_mac_set_perms chainnotifier.macaroon lndchainnotifier "${network}" "${chain}" + copy_mac_set_perms signer.macaroon lndsigner "${network}" "${chain}" + copy_mac_set_perms walletkit.macaroon lndwalletkit "${network}" "${chain}" + copy_mac_set_perms router.macaroon lndrouter "${network}" "${chain}" echo "# make sure admin has a symlink at ~/.lnd to /mnt/hdd/app-data/lnd/" if ! [[ -L "/home/admin/.lnd" ]]; then @@ -167,6 +209,15 @@ elif [ "$1" = "sync" ]; then sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons fi +########################### +# Check Macaroons and fix missing +########################### +elif [ "$1" = "check" ]; then + check_macaroons ${network} ${chain} + if [ $missing -gt 0 ]; then + /home/admin/config.scrips/lnd.creds.sh reset keepold + fi + ########################### # UNKNOWN ###########################
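Review bot: In the sync hunk, the added line ``echo `# make sure all user groups exit for default macaroons` `` uses backticks, so the shell treats the text as a command substitution (a comment, producing nothing) and prints an empty line instead of the message. It also says "exit" where "exist" is meant. Use `echo "# make sure all user groups exist for default macaroons"`. The eight `groupadd --force --gid` lines now duplicate the list in build_sdcard.sh, so a comment on both, such as `# keep in sync with build_sdcard.sh`, would help keep the GID-to-group mapping from drifting.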
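Review bot: The repair triggered by the new `check` branch, `reset keepold`, is broader than the "fix missing" heading suggests. According to the reset hunk it deletes every `*.macaroon` file under app-data and `/home/bitcoin/.lnd`, keeping only `macaroons.db`, so one missing file removes the credential files of all services until they are recreated and synced by steps that lie outside this hunk. A comment above the call would make that explicit, e.g. `# NOTE: reset keepold deletes all *.macaroon files and keeps macaroons.db; confirm they are recreated and synced before services start`. The expansions should also be quoted: `check_macaroons "${network}" "${chain}"` and `if [ "${missing}" -gt 0 ]; then`.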