diff --git a/.gitignore b/.gitignore
index ca7ff6d..da68ad3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 *.json
 *.txt
 gdns
+gdns_arm
diff --git a/cfg.go b/cfg.go
index c97201a..1daedcd 100644
--- a/cfg.go
+++ b/cfg.go
@@ -44,6 +44,8 @@ type Rule struct {
 
 type cfg struct {
 	Listen         []string `json:"listen"`
+	User           string   `json:"user"`
+	Group          string   `json:"group"`
 	listen         []addr
 	ServersString  []string `json:"default_servers"`
 	servers        []addr
diff --git a/example_config/config.json b/example_config/config.json
index e4bc881..9baacab 100644
--- a/example_config/config.json
+++ b/example_config/config.json
@@ -1,6 +1,8 @@
 {
     "listen":["tcp:0.0.0.0:8053","udp::8053"],
     "default_servers":["tcp:208.67.222.222:53","tcp:8.8.8.8:53"],
+    "user":"nobody",
+    "group":"nogroup",
     "ttl":3600,
     "timeout":1,
     "blacklist_ips":["ip.txt"],
diff --git a/server.go b/server.go
index 274bbcf..243c554 100644
--- a/server.go
+++ b/server.go
@@ -2,16 +2,24 @@ package main
 
 import (
 	"flag"
+	"github.com/fangdingjun/gpp/util"
 	"github.com/miekg/dns"
 	"log"
 	"os"
+	"time"
 )
 
 func initListeners(c *cfg) {
 	for _, a := range c.listen {
 		log.Printf("Listen on %s %s...\n", a.network, a.addr)
-		s := dns.Server{Addr: a.addr, Net: a.network}
-		go s.ListenAndServe()
+		s := &dns.Server{Addr: a.addr, Net: a.network}
+		go func(s *dns.Server) {
+			err := s.ListenAndServe()
+			if err != nil {
+				log.Println(err)
+				os.Exit(-1)
+			}
+		}(s)
 	}
 }
 
@@ -30,5 +38,13 @@ func main() {
 	initRouters(config)
 	initListeners(config)
 
+	// make a delay to make sure net bind completed before drop privilege
+	time.Sleep(time.Second)
+
+	err = util.DropPrivilege(config.User, config.Group)
+	if err != nil {
+		log.Println(err)
+	}
+
 	select {}
 }