Index: radvd.init
===================================================================
--- radvd.init	(revision 28379)
+++ radvd.init	(working copy)
@@ -407,6 +407,30 @@
 	return 0
 }
 
+radvd_start_secure() {
+	local cfg=$1
+	local secure
+
+	validate_varname "$cfg" || return 0
+
+	config_get_bool secure "$cfg" secure_mode 0
+	[ "$secure" -ne 1 ] && return 0
+
+	config_get RADVD_USERNAME "$cfg" username
+	if [ -z "$RADVD_USERNAME" ]; then
+		logger -t "radvd startup" "username required for secure mode, radvd will run as root"
+		return 1
+	fi
+
+	config_get RADVD_GROUP "$cfg" group
+	if [ -z "$RADVD_GROUP" ] ; then
+		logger -t "radvd startup" "group required for secure mode, radvd will run as root"
+		return 1
+	fi
+
+	return 0
+}
+
 start() {
 	config_load radvd
 
@@ -425,7 +449,17 @@
 
 	sysctl -w net.ipv6.conf.all.forwarding=1 > /dev/null 2> /dev/null
 
-	radvd -C "$RADVD_CONFIG_FILE" -m stderr_syslog -p /var/run/radvd.pid
+	RADVD_USERNAME=
+	RADVD_GROUP=
+	config_foreach radvd_start_secure radvd
+
+	if [ ! -z "$RADVD_USERNAME" ] && [ ! -z "$RADVD_GROUP" ]; then
+		mkdir -p /var/run/radvd
+		chown $RADVD_USERNAME:$RADVD_GROUP /var/run/radvd
+		radvd -u $RADVD_USERNAME -C "$RADVD_CONFIG_FILE" -m stderr_syslog -p /var/run/radvd/radvd.pid
+	else
+		radvd -C "$RADVD_CONFIG_FILE" -m stderr_syslog -p /var/run/radvd.pid
+	fi
 }
 
 stop() {