diff --git a/tlsserver.go b/tlsserver.go
index 3022f0e..9d3806d 100644
--- a/tlsserver.go
+++ b/tlsserver.go
@@ -8,12 +8,15 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"syscall"
 )
 
 var (
 	cfile = flag.String("cert", "cert.pem", "Certificate file in PEM format")
 	kfile = flag.String("key", "key.pem", "Key file in PEM format")
 	port = flag.Int("port", 1234, "Port to bind to")
+	uid = flag.Int("uid", -1, "UID to run under")
+	gid = flag.Int("gid", -1, "GID to run under")
 	args []string
 	nargs int
 )
@@ -50,6 +53,25 @@ func main() {
 	}
 	defer sock.Close()
 
+	// set uid/gid
+	if *gid >= 0 {
+		err := syscall.Setgid(*gid)
+		if err != nil {
+			fmt.Println("Couldn't setgid to", *gid, ":", err)
+			os.Exit(4)
+		}
+	}
+
+	if *uid >= 0 {
+		err := syscall.Setuid(*uid)
+		if err != nil {
+			fmt.Println("Couldn't setuid to", *uid, ":", err)
+			os.Exit(4)
+		}
+	}
+
+
+
 	// accept-loop
 	for {
 		conn, err := sock.Accept()