diff --git a/ChangeLog b/ChangeLog
index 8c8c6f1ac2d827566ddd817323fe227ad1c1e615..d4befd085ad532076627b2007ee07acffa55ef9d 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2005-11-07  Kevin P. Fleming  <kpfleming@digium.com>
 
+	* asterisk.c: support 'runuser' and 'rungroup' options in asterisk.conf (issue #5621)
+
 	* res/Makefile, apps/Makefile, channels/Makefile, Makefile: support WITHOUT_ZAPTEL define to forcibly avoid building Zaptel support (issue #5634)
 
 	* Makefile: various fixes (issue #5633)
diff --git a/asterisk.c b/asterisk.c
index 71aef7d456211a4c82d572fa96499b3857283b1a..dab5c5342ee380117f2f61c08a354c32b4c93374 100755
--- a/asterisk.c
+++ b/asterisk.c
@@ -194,6 +194,8 @@ char ast_config_AST_KEY_DIR[AST_CONFIG_MAX_PATH];
 char ast_config_AST_PID[AST_CONFIG_MAX_PATH];
 char ast_config_AST_SOCKET[AST_CONFIG_MAX_PATH];
 char ast_config_AST_RUN_DIR[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_PERMISSIONS[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_OWNER[AST_CONFIG_MAX_PATH] = "\0";
 char ast_config_AST_CTL_GROUP[AST_CONFIG_MAX_PATH] = "\0";
@@ -1885,6 +1887,12 @@ static void ast_readconfig(void) {
 			} else if ((sscanf(v->value, "%lf", &option_maxload) != 1) || (option_maxload < 0.0)) {
 				option_maxload = 0.0;
 			}
+		/* What user to run as */
+		} else if (!strcasecmp(v->name, "runuser")) {
+			ast_copy_string(ast_config_AST_RUN_USER, v->value, sizeof(ast_config_AST_RUN_USER));
+		/* What group to run as */
+		} else if (!strcasecmp(v->name, "rungroup")) {
+			ast_copy_string(ast_config_AST_RUN_GROUP, v->value, sizeof(ast_config_AST_RUN_GROUP));
 		}
 		v = v->next;
 	}
@@ -2047,6 +2055,10 @@ int main(int argc, char *argv[])
 		ast_verbose("[ Reading Master Configuration ]");
 	ast_readconfig();
 
+	if ((!rungroup) && !ast_strlen_zero(ast_config_AST_RUN_GROUP))
+		rungroup = ast_config_AST_RUN_GROUP;
+	if ((!runuser) && !ast_strlen_zero(ast_config_AST_RUN_USER))
+		runuser = ast_config_AST_RUN_USER;
 #ifndef __CYGWIN__
 
 	if (!is_child_of_nonroot && ast_set_priority(option_highpriority)) {
@@ -2064,6 +2076,10 @@ int main(int argc, char *argv[])
 			ast_log(LOG_WARNING, "Unable to setgid to %d (%s)\n", gr->gr_gid, rungroup);
 			exit(1);
 		}
+		if (setgroups(0, NULL)) {
+			ast_log(LOG_WARNING, "Unable to drop unneeded groups\n");
+			exit(1);
+		}
 		if (option_verbose)
 			ast_verbose("Running as group '%s'\n", rungroup);
 	}
diff --git a/doc/README.asterisk.conf b/doc/README.asterisk.conf
index d2d8befcdd354fd6ac3831787512055cc52a56e8..953ad55975753731825e6b137c247d7244468f68 100755
--- a/doc/README.asterisk.conf
+++ b/doc/README.asterisk.conf
@@ -49,6 +49,9 @@ nocolor = yes | no				; Disable ANSI colors (-n)
 dumpcore = yes | no				; Dump core on failure (-g)
 quiet = yes | no				; Run quietly (-q)
 timestamp = yes | no				; Force timestamping on log entries to console (-T)
+user = asterisk					; User to run asterisk as (-U) NOTE: will require changes to
+						; directory and device permisions
+group = asterisk				; Group to run asterisk as (-G)
 
 ;These options have no command line equivalent
 cache_record_files = yes | no			; Cache record() files in another directory until completion