diff --git a/README.markdown b/README.markdown
index 1e5d5fd..37cc4ec 100644
--- a/README.markdown
+++ b/README.markdown
@@ -24,12 +24,12 @@ curl -d "GET/hello" http://127.0.0.1:7379/
 * Restricted commands by IP range (CIDR subnet + mask) or HTTP Basic Auth, returning 403 errors.
 * Possible Redis authentication in the config file.
 * Pub/Sub using `Transfer-Encoding: chunked`, works with JSONP as well. Webdis can be used as a Comet server.
+* Drop privileges on startup.
 # Ideas, TODO...
 * Add meta-data info per key (MIME type in a second key, for instance).
 * Support PUT, DELETE, HEAD, OPTIONS? How? For which commands?
 * MULTI/EXEC/DISCARD/WATCH are disabled at the moment; find a way to use them.
-* Drop privileges on startup.
 * Add logs.
 * Support POST of raw Redis protocol data, and execute the whole thing. This could be useful for MULTI/EXEC transactions.
 * Enrich config file:
diff --git a/conf.c b/conf.c
index 110d1ec..839192d 100644
--- a/conf.c
+++ b/conf.c
@@ -3,6 +3,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include
 #include
@@ -27,6 +30,8 @@ conf_read(const char *filename) {
 conf->redis_port = 6379;
 conf->http_host = strdup("0.0.0.0");
 conf->http_port = 7379;
+ conf->user = getuid();
+ conf->group = getgid();
 j = json_load_file(filename, 0, &error);
 if(!j) {
@@ -51,6 +56,16 @@ conf_read(const char *filename) {
 conf->http_port = (short)json_integer_value(jtmp);
 } else if(strcmp(json_object_iter_key(kv), "acl") == 0 && json_typeof(jtmp) == JSON_ARRAY) {
 conf->perms = conf_parse_acls(jtmp);
+ } else if(strcmp(json_object_iter_key(kv), "user") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ struct passwd *u;
+ if((u = getpwnam(json_string_value(jtmp)))) {
+ conf->user = u->pw_uid;
+ }
+ } else if(strcmp(json_object_iter_key(kv), "group") == 0 && json_typeof(jtmp) == JSON_STRING) {
+ struct group *g;
+ if((g = getgrnam(json_string_value(jtmp)))) {
+ conf->group = g->gr_gid;
+ }
 }
 }
diff --git a/conf.h b/conf.h
index b09056d..d700fe8 100644
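Review bot: An unknown user or group name in the config is silently ignored by the new `user`/`group` branches: when `getpwnam()`/`getgrnam()` returns NULL nothing happens, `conf->user`/`conf->group` keep the defaults assigned earlier in conf_read, and a misspelled name leaves the server running as whatever uid it was started with — typically root — with no indication that anything went wrong. Privilege-drop configuration should fail closed, so each lookup needs an `else` that names the offending value and refuses to start, e.g. `else { fprintf(stderr, "conf: unknown user '%s'\n", json_string_value(jtmp)); exit(EXIT_FAILURE); }` mirrored for the group branch, or adapted to whatever conf_read does when json_load_file fails (that error path is outside this hunk). A short comment on the `JSON_STRING` check, `/* names only; numeric uid/gid values are not accepted */`, would also spare the next reader a guess. conf_read begins and ends outside the hunk.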
--- a/conf.h
+++ b/conf.h
@@ -1,16 +1,25 @@
 #ifndef CONF_H
 #define CONF_H
+#include
+
 struct conf {
+ /* connection to Redis */
 char *redis_host;
 short redis_port;
 char *redis_auth;
+ /* HTTP server interface */
 char *http_host;
 short http_port;
+ /* ACL */
 struct acl *perms;
+
+ /* user/group */
+ uid_t user;
+ gid_t group;
 };
 struct conf *
diff --git a/server.c b/server.c
index fe2ebc4..a285eca 100644
--- a/server.c
+++ b/server.c
@@ -6,6 +6,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -141,6 +142,10 @@ server_start(struct server *s) {
 evhttp_bind_socket(s->http, s->cfg->http_host, s->cfg->http_port);
 evhttp_set_gencb(s->http, on_request, s);
+ /* drop privileges */
+ setuid(s->cfg->user);
+ setgid(s->cfg->group);
+
 /* attach hiredis to libevent base */
 webdis_connect(s);
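Review bot: The new `/* user/group */` comment above `uid_t user; gid_t group;` does not say what the fields mean or where they come from, and a reader of conf.h alone cannot tell whether these are the ids the process runs as or the ids it should switch to. Suggest `/* uid/gid to drop to once the listening socket is bound; conf_read() initialises them to the invoking process's own ids, so a config with no "user"/"group" key performs no privilege drop */` — the defaults are visible in this commit's conf.c hunk but not from this header. Stating that an absent key means "stay root when started as root" is the security-relevant fact worth recording where the fields are declared.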
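Review bot: The two new calls are in the wrong order: `setuid(s->cfg->user)` runs first, and once the process is no longer root the following `setgid(s->cfg->group)` fails with EPERM, so the configured group is never applied; both return values are discarded as well, so the failure is invisible and the server keeps serving with root's gid and supplementary groups. The group side has to be dropped while still root — clear supplementary groups, then setgid, then setuid — and any failure must abort rather than continue half-privileged. The rewrite below uses setgroups() from `<grp.h>` and exit() from `<stdlib.h>`; server.c's include list is stripped on this page, so check what it already pulls in, and replace the exit() with an error return if server_start reports failures to its caller instead. server_start begins and ends outside the hunk.
```c
	/* drop privileges: supplementary groups and gid first, while still root --
	 * setgid() returns EPERM once setuid() to an unprivileged user has taken effect */
	if(geteuid() == 0 && setgroups(0, NULL) != 0) {
		perror("setgroups");
		exit(EXIT_FAILURE);
	}
	if(setgid(s->cfg->group) != 0 || setuid(s->cfg->user) != 0) {
		perror("failed to drop privileges");
		exit(EXIT_FAILURE);
	}

	/* … unchanged: attach hiredis to libevent base … */
```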