This daemon shouldn't run as root. With privsep() we can handle in a regular fashion changing user and group to a custom user.