Index: asterisk.c
===================================================================
RCS file: /usr/cvsroot/asterisk/asterisk.c,v
retrieving revision 1.189
diff -u -r1.189 asterisk.c
--- asterisk.c 1 Nov 2005 21:53:29 -0000 1.189
+++ asterisk.c 6 Nov 2005 06:44:27 -0000
@@ -195,6 +195,10 @@
 char ast_config_AST_PID[AST_CONFIG_MAX_PATH];
 char ast_config_AST_SOCKET[AST_CONFIG_MAX_PATH];
 char ast_config_AST_RUN_DIR[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_PERMISSIONS[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_OWNER[AST_CONFIG_MAX_PATH] = "\0";
 char ast_config_AST_CTL_GROUP[AST_CONFIG_MAX_PATH] = "\0";
@@ -1886,6 +1890,12 @@
 } else if ((sscanf(v->value, "%lf", &option_maxload) != 1) || (option_maxload < 0.0)) {
 option_maxload = 0.0;
 }
+ /* What user to run as */
+ } else if (!strcasecmp(v->name, "runuser")) {
+ ast_copy_string(ast_config_AST_RUN_USER, v->value, sizeof(ast_config_AST_RUN_USER));
+ /* What group to run as */
+ } else if (!strcasecmp(v->name, "rungroup")) {
+ ast_copy_string(ast_config_AST_RUN_GROUP, v->value, sizeof(ast_config_AST_RUN_GROUP));
 }
 v = v->next;
 }
@@ -2048,6 +2058,10 @@
 ast_verbose("[ Reading Master Configuration ]");
 ast_readconfig();
+ if ((!rungroup) && !ast_strlen_zero(ast_config_AST_RUN_GROUP))
+ rungroup = ast_config_AST_RUN_GROUP;
+ if ((!runuser) && !ast_strlen_zero(ast_config_AST_RUN_USER))
+ runuser = ast_config_AST_RUN_USER;
 #ifndef __CYGWIN__
 if (!is_child_of_nonroot && ast_set_priority(option_highpriority)) {
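Review bot: The option names matched in the config-parsing hunk (-1886), `runuser` and `rungroup`, do not agree with the names this same patch documents in doc/README.asterisk.conf, which are `user = asterisk` and `group = asterisk`. An administrator who follows the README gets a setting that falls through the `else if` chain unmatched, and as far as the hunk shows nothing reports it, so the daemon would keep the privileges it was started with. Either document `runuser`/`rungroup` in the README or accept both spellings here, and consider an `ast_log(LOG_WARNING, ...)` for unrecognised option names. The option-parsing loop starts and ends outside the hunk.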
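Review bot: The four lines added after `ast_readconfig()` (hunk at -2048) give a value already held in `runuser`/`rungroup` priority over asterisk.conf, but nothing in the code says so. A one-line comment such as `/* command-line user/group (presumably -U/-G) override runuser/rungroup from asterisk.conf */` would make the precedence explicit for the next person touching the privilege-drop path. Bracing the two `if` bodies would also match the braced style of the surrounding code. The enclosing function starts and ends outside the hunk.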
@@ -2063,6 +2077,10 @@
 }
 if (setgid(gr->gr_gid)) {
 ast_log(LOG_WARNING, "Unable to setgid to %d (%s)\n", gr->gr_gid, rungroup);
+ exit(1);
+ }
+ if (setgroups(0, NULL)) {
+ ast_log(LOG_WARNING, "Unable to drop unneeded groups\n");
 exit(1);
 }
 if (option_verbose)
Index: doc/README.asterisk.conf
===================================================================
RCS file: /usr/cvsroot/asterisk/doc/README.asterisk.conf,v
retrieving revision 1.6
diff -u -r1.6 README.asterisk.conf
--- doc/README.asterisk.conf 1 Nov 2005 17:22:25 -0000 1.6
+++ doc/README.asterisk.conf 6 Nov 2005 06:44:28 -0000
@@ -49,6 +49,9 @@
 dumpcore = yes | no ; Dump core on failure (-g)
 quiet = yes | no ; Run quietly (-q)
 timestamp = yes | no ; Force timestamping on log entries to console (-T)
+user = asterisk ; User to run asterisk as (-U) NOTE: will require changs to
+ ; directory and device permisions
+group = asterisk ; Group to run asterisk as (-G)
 ;These options have no command line equivalent
 cache_record_files = yes | no ; Cache record() files in another directory until completion
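Review bot: In the asterisk.c hunk at -2063, the new `setgroups(0, NULL)` call appears to sit next to `setgid(gr->gr_gid)` inside the branch that runs only when a run group is set; the enclosing block starts outside the hunk, so this is inferred. If that is right, a configuration with only a run user would change uid while keeping the supplementary groups inherited from the launching account, typically root's. The group list should be reset whenever either identity is changed, and before the uid switch. Where the account's own supplementary groups are wanted (the README note about device permissions suggests they may be), `initgroups()` with the run user's name and primary gid is the usual call instead of clearing the list. The failure message would also be easier to act on with the errno text: `ast_log(LOG_WARNING, "Unable to drop unneeded groups: %s\n", strerror(errno));`.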