diff --git a/exec/mainconfig.c b/exec/mainconfig.c
index 2857b57d..5b566fa2 100644
--- a/exec/mainconfig.c
+++ b/exec/mainconfig.c
@@ -433,19 +433,20 @@ int corosync_main_config_read (
 		strlen ("aisexec"),
 		&object_find_handle);
 
+	main_config->uid = uid_determine("ais");
+	main_config->gid = gid_determine("ais");
+
 	if (objdb->object_find_next (
 		object_find_handle,
 		&object_service_handle) == 0) {
 
 		if (!objdb_get_string (objdb,object_service_handle, "user", &value)) {
 			main_config->uid = uid_determine(value);
-		} else
-			main_config->uid = uid_determine("ais");
+		}
 
 		if (!objdb_get_string (objdb,object_service_handle, "group", &value)) {
 			main_config->gid = gid_determine(value);
-		} else
-			main_config->gid = gid_determine("ais");
+		}
 	}
 
 	objdb->object_find_destroy (object_find_handle);
diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
index a3b7ce13..fa418b7c 100644
--- a/man/corosync.conf.5
+++ b/man/corosync.conf.5
@@ -55,6 +55,9 @@ This top level directive contains configuration options for logging.
 .TP
 event { }
 This top level directive contains configuration options for the event service.
+.TP
+aisexec { }
+This top level directive contains configuration options for user privilegies.
 
 .PP
 .PP
@@ -502,6 +505,20 @@ enter|leave|trace1|trace2|trace3|...
 
 The default is none.
 
+.PP
+Within the
+.B aisexec
+directive, there are two configuration options which are all optional:
+.TP
+user
+.TP
+group
+These specify the user and group, which is able to run and use corosync.
+In any case, this is able to do root:root. But if you don't want run
+corosync as root, you can use this directives.
+
+The default is ais.
+
 .SH "FILES"
 .TP
 /etc/corosync.conf