2 files changed, 4 insertions, 12 deletions

diff --git a/system/systemd/netdata.service.in b/system/systemd/netdata.service.in
index 25d95b2b8..afdac114c 100644
--- a/system/systemd/netdata.service.in
+++ b/system/systemd/netdata.service.in
@@ -7,8 +7,7 @@ After=network.target httpd.service squid.service nfs-server.service mysqld.servi
 
 [Service]
 Type=simple
-User=@netdata_user_POST@
-Group=netdata
+User=root
 RuntimeDirectory=netdata
 RuntimeDirectoryMode=0775
 PIDFile=/run/netdata/netdata.pid
@@ -60,6 +59,8 @@ CapabilityBoundingSet=CAP_SYS_CHROOT
 CapabilityBoundingSet=CAP_NET_ADMIN
 # is required for plugins that use sudo
 CapabilityBoundingSet=CAP_SETGID CAP_SETUID
+# is required to change file ownership
+CapabilityBoundingSet=CAP_CHOWN
 
 # Sandboxing
 ProtectSystem=full
diff --git a/system/systemd/netdata.service.v235.in b/system/systemd/netdata.service.v235.in
index e3232056f..be5de4e36 100644
--- a/system/systemd/netdata.service.v235.in
+++ b/system/systemd/netdata.service.v235.in
@@ -7,16 +7,7 @@ After=network.target httpd.service squid.service nfs-server.service mysqld.servi
 
 [Service]
 Type=simple
-User=@netdata_user_POST@
-Group=netdata
-RuntimeDirectory=netdata
-CacheDirectory=netdata
-StateDirectory=netdata
-LogsDirectory=netdata
-RuntimeDirectoryMode=0775
-StateDirectoryMode=0755
-CacheDirectoryMode=0755
-LogsDirectoryMode=2750
+User=root
 EnvironmentFile=-/etc/default/netdata
 ExecStart=@sbindir_POST@/netdata -D $EXTRA_OPTS