diff --git a/pkg/service/v0/accounts.go b/pkg/service/v0/accounts.go
index 6a3e8ec2c..18d042997 100644
--- a/pkg/service/v0/accounts.go
+++ b/pkg/service/v0/accounts.go
@@ -32,6 +32,9 @@ import (
 	_ "github.com/tredoe/osutil/user/crypt/sha512_crypt"
 )
 
+// accLock mutually exclude readers from writers on account files
+var accLock sync.RWMutex
+
 func (s Service) indexAccounts(path string) (err error) {
 	var f *os.File
 	if f, err = os.Open(path); err != nil {
@@ -74,6 +77,9 @@ var authQuery = regexp.MustCompile(`^login eq '(.*)' and password eq '(.*)'$`) /
 func (s Service) loadAccount(id string, a *proto.Account) (err error) {
 	path := filepath.Join(s.Config.Server.AccountsDataPath, "accounts", id)
 
+	accLock.Lock()
+	defer accLock.Unlock()
+
 	var data []byte
 	if data, err = ioutil.ReadFile(path); err != nil {
 		return merrors.NotFound(s.id, "could not read account: %v", err.Error())
@@ -85,8 +91,6 @@ func (s Service) loadAccount(id string, a *proto.Account) (err error) {
 	return
 }
 
-var accountMutex sync.Mutex
-
 func (s Service) writeAccount(a *proto.Account) (err error) {
 
 	// leave only the group id
@@ -99,8 +103,8 @@ func (s Service) writeAccount(a *proto.Account) (err error) {
 
 	path := filepath.Join(s.Config.Server.AccountsDataPath, "accounts", a.Id)
 
-	accountMutex.Lock()
-	defer accountMutex.Unlock()
+	accLock.Lock()
+	defer accLock.Unlock()
 	if err = ioutil.WriteFile(path, bytes, 0600); err != nil {
 		return merrors.InternalServerError(s.id, "could not write account: %v", err.Error())
 	}
diff --git a/pkg/service/v0/groups.go b/pkg/service/v0/groups.go
index 150dc7d60..63ca4a0c0 100644
--- a/pkg/service/v0/groups.go
+++ b/pkg/service/v0/groups.go
@@ -36,6 +36,9 @@ func (s Service) indexGroups(path string) (err error) {
 	return
 }
 
+// accLock mutually exclude readers from writers on group files
+var groupLock sync.RWMutex
+
 func (s Service) indexGroup(id string) error {
 	g := &proto.BleveGroup{
 		BleveType: "group",
@@ -55,6 +58,8 @@ func (s Service) indexGroup(id string) error {
 func (s Service) loadGroup(id string, g *proto.Group) (err error) {
 	path := filepath.Join(s.Config.Server.AccountsDataPath, "groups", id)
 
+	groupLock.Lock()
+	defer groupLock.Unlock()
 	var data []byte
 	if data, err = ioutil.ReadFile(path); err != nil {
 		return merrors.NotFound(s.id, "could not read group: %v", err.Error())
@@ -67,8 +72,6 @@ func (s Service) loadGroup(id string, g *proto.Group) (err error) {
 	return
 }
 
-var groupMutex sync.Mutex
-
 func (s Service) writeGroup(g *proto.Group) (err error) {
 
 	// leave only the member id
@@ -81,8 +84,8 @@ func (s Service) writeGroup(g *proto.Group) (err error) {
 
 	path := filepath.Join(s.Config.Server.AccountsDataPath, "groups", g.Id)
 
-	groupMutex.Lock()
-	defer groupMutex.Unlock()
+	groupLock.Lock()
+	defer groupLock.Unlock()
 	if err = ioutil.WriteFile(path, bytes, 0600); err != nil {
 		return merrors.InternalServerError(s.id, "could not write group: %v", err.Error())
 	}