diff --git a/ulogd.c b/ulogd.c
index 5707ef8..1dee926 100644
--- a/ulogd.c
+++ b/ulogd.c
@@ -87,6 +87,11 @@
 #define ULOGD_CONFIGFILE "/etc/ulogd.conf"
 #endif
+/* default user to run as or "" */
+#ifndef ULOGD_USER_DEFAULT
+#define ULOGD_USER_DEFAULT ""
+#endif
+
 /* global variables */
 static struct ipulog_handle *libulog_h; /* our libipulog handle */
 static unsigned char* libulog_buf; /* the receive buffer */
@@ -545,7 +550,12 @@ static config_entry_t nlgroup_ce = { &plugin_ce, "nlgroup", CONFIG_TYPE_INT,
 static config_entry_t loglevel_ce = { &nlgroup_ce, "loglevel", CONFIG_TYPE_INT,
 CONFIG_OPT_NONE, 0,
 { value: ULOGD_NOTICE } };
-static config_entry_t rmem_ce = { &loglevel_ce, "rmem", CONFIG_TYPE_INT,
+
+static config_entry_t user_ce = { &loglevel_ce, "user", CONFIG_TYPE_STRING,
+ CONFIG_OPT_NONE, 0,
+ { string: ULOGD_USER_DEFAULT } };
+
+static config_entry_t rmem_ce = { &user_ce, "rmem", CONFIG_TYPE_INT,
 CONFIG_OPT_NONE, 0,
 { value: ULOGD_RMEM_DEFAULT } };
@@ -695,14 +705,17 @@ int main(int argc, char* argv[])
 case 'u':
 change_uid = 1;
 user = strdup(optarg);
+ setpwent();
 pw = getpwnam(user);
 if (!pw) {
 printf("Unknown user %s.\n", user);
+ endpwent();
 free(user);
 exit(1);
 }
 uid = pw->pw_uid;
 gid = pw->pw_gid;
+ endpwent();
 break;
 }
 }
@@ -740,7 +753,23 @@ int main(int argc, char* argv[])
 exit(1);
 }
-
+ /* if no -u cmd line option set, read the user option from config. */
+ if (!change_uid && strlen(user_ce.u.string))
+ {
+ change_uid = 1;
+ user = strdup(user_ce.u.string);
+ setpwent();
+ pw = getpwnam(user);
+ if (!pw) {
+ printf("Unknown user %s.\n", user);
+ endpwent();
+ free(user);
+ exit(1);
+ }
+ uid = pw->pw_uid;
+ gid = pw->pw_gid;
+ endpwent();
+ }
 if (change_uid) {
 ulogd_log(ULOGD_NOTICE, "Changing UID / GID\n");
 if (setgid(gid)) {
diff --git a/ulogd.conf.in b/ulogd.conf.in
index e0c873a..56b4e1f 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
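Review bot: The comment on `ULOGD_USER_DEFAULT` in the first ulogd.c hunk does not say what the empty string means, and that is the security-relevant part: with `""` no account is looked up and the daemon keeps the identity it was started with. I would spell that out, e.g. `/* account to switch to after startup; "" = stay as the invoking user (normally root) */`. A packager overriding the macro then also knows the account has to exist on the target system, since the fallback added further down in main() exits on an unknown name.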
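Review bot: The lookup sequence added to the `-u` case (`setpwent()`, `getpwnam()`, copy `pw_uid`/`pw_gid`, `endpwent()`) is repeated line for line in the config fallback added further down in main(), so the two copies can drift apart. Both also hand the result of `strdup()` to `getpwnam()` without a NULL check. A small static helper that takes the name and fills in uid/gid would give both call sites one place for the check and the error path. The sketch below assumes `uid` and `gid` in main() are `uid_t`/`gid_t`, which the hunk does not show. The `case 'u'` body and main() both start outside this hunk.

```c
/* Resolve `name` in the password database; 0 on success, -1 if unknown. */
static int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
	struct passwd *pw;
	int rc = -1;

	setpwent();
	pw = getpwnam(name);
	if (pw) {
		*uid = pw->pw_uid;
		*gid = pw->pw_gid;
		rc = 0;
	}
	endpwent();
	return rc;
}

		case 'u':
			change_uid = 1;
			user = strdup(optarg);
			if (!user || lookup_user(user, &uid, &gid) < 0) {
				printf("Unknown user %s.\n", optarg);
				free(user);
				exit(1);
			}
			break;
/* … unchanged: remaining option cases … */
```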
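Review bot: When the configured account does not exist, the new fallback in main() reports it with `printf()` on stdout, while the very next block already uses `ulogd_log()`; a daemon started from an init script would then exit without leaving anything in its log. I would use `ulogd_log(ULOGD_FATAL, "Unknown user %s.\n", user);` before the `exit(1)`. Because the shipped config now sets `user`, this path makes the privilege drop the normal case. It is therefore worth confirming that the `if (change_uid)` block, which continues past the end of this hunk, resets the supplementary groups before changing the UID and checks every return value.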
@@ -7,6 +7,9 @@
 # GLOBAL OPTIONS
 ######################################################################
+# username to run as (runs as root if not set)
+user=ulogd
+
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)
 nlgroup=1
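Review bot: The shipped default `user=ulogd` turns the account lookup into a hard startup requirement: as the ulogd.c change is written, an unknown name prints an error and exits, so a host without a `ulogd` account would stop logging after picking up this config. The comment should say so, e.g. `# username to run as; the account must exist or ulogd exits at startup (runs as root if not set)`. Files the daemon writes also need to be writable by that account; what is opened before the drop is not visible from this diff.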