diff --git a/README.md b/README.md
index 4d16e8c..76f5ddc 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,9 @@ Create a configuration file in YAML format somewhere:
 # listen address and port
 host: "0.0.0.0"
 port: "80"
+# optional: drop priviliges in case you want to but you may need sudo for external commands
+user: "nobody"
+group: "nogroup"
 # logfile is optional, logs to STDOUT else
 logfile: "dyndnsd.log"
 # interal database file
diff --git a/lib/dyndnsd.rb b/lib/dyndnsd.rb
index b038dd0..0ead685 100644
--- a/lib/dyndnsd.rb
+++ b/lib/dyndnsd.rb
@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
+require 'etc'
 require 'logger'
 require 'ipaddr'
 require 'json'
@@ -144,6 +145,10 @@ module Dyndnsd
 Dyndnsd.logger.formatter = LogFormatter.new
 Dyndnsd.logger.info "Starting..."
+
+ # drop privs (first change group than user)
+ Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
+ Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
 # configure metriks
 reporter = Metriks::Reporter::ProcTitle.new
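Review bot: The new privilege drop in lib/dyndnsd.rb (`Process::Sys.setgid` / `Process::Sys.setuid` after the "Starting..." log line) never resets the supplementary group list, so a daemon started as root keeps root's supplementary groups after switching to the configured user. Add `Process.groups = []` (or `Process.initgroups(config['user'], gid)`) before the `setgid` call. When only `user` is configured the gid is left unchanged as well; falling back to `Etc.getpwnam(config['user']).gid` would avoid running as `nobody` with the original group. The enclosing method starts and ends outside the hunk, so it is not visible whether the listener, logfile and database are opened before this point; with the README's `port: "80"` the bind presumably has to happen before the drop, which is worth confirming and stating in the comment.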