diff --git a/conf/aphlict/aphlict.default.json b/conf/aphlict/aphlict.default.json
--- a/conf/aphlict/aphlict.default.json
+++ b/conf/aphlict/aphlict.default.json
@@ -22,5 +22,6 @@
 "path": "/var/log/aphlict.log"
 }
 ],
- "pidfile": "/var/tmp/aphlict/pid/aphlict.pid"
+ "pidfile": "/var/tmp/aphlict/pid/aphlict.pid",
+ "user": ""
 }
diff --git a/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php b/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
--- a/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
+++ b/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
@@ -79,6 +79,7 @@
 'cluster' => 'optional list',
 'pidfile' => 'string',
 'memory.hint' => 'optional int',
+ 'user' => 'optional string|null',
 ));
 } catch (Exception $ex) {
 throw new PhutilArgumentUsageException(
@@ -287,6 +288,14 @@
 $dir,
 $ex->getMessage()));
 }
+
+ $user = idx($data, 'user');
+ if ($user && ($user === 'root')) {
+ throw new PhutilArgumentUsageException(
+ pht(
+ 'The notification server should not be run as root :'.
+ 'thus, you should specify an other user than root.'));
+ }
 }
 final public function getPIDPath() {
@@ -521,12 +530,23 @@
 }
 private function getStartCommand(array $server_argv) {
- return csprintf(
- '%R %Ls -- %s %Ls',
- $this->getNodeBinary(),
- $this->getNodeArgv(),
- $this->getAphlictScriptPath(),
- $server_argv);
+ $user = idx($this->configData, 'user');
+ if ($user) {
+ return csprintf(
+ 'sudo -En -u %s %R %Ls -- %s %Ls',
+ $user,
+ $this->getNodeBinary(),
+ $this->getNodeArgv(),
+ $this->getAphlictScriptPath(),
+ $server_argv);
+ } else {
+ return csprintf(
+ '%R %Ls -- %s %Ls',
+ $this->getNodeBinary(),
+ $this->getNodeArgv(),
+ $this->getAphlictScriptPath(),
+ $server_argv);
+ }
 }
 }
diff --git a/src/docs/user/configuration/notifications.diviner b/src/docs/user/configuration/notifications.diviner
--- a/src/docs/user/configuration/notifications.diviner
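Review bot: The root check added to the config validation just before getPIDPath() compares only the literal name, `$user === 'root'`, so a value that resolves to uid 0 under another spelling (a second uid-0 account, or sudo's numeric `#0` form) still passes and is later handed to `sudo -u` in getStartCommand(). Resolving the account with `posix_getpwnam()` and rejecting both unknown users and uid 0 closes that gap and turns a typo into a clear configuration error rather than a failed `sudo`. The message also concatenates to "root :thus," with no space after the colon. The enclosing function starts outside the hunk, so whether an unset `user` combined with a root invoking user is caught elsewhere is not visible here.

```php
$user = idx($data, 'user');
if ($user !== null && $user !== '') {
  // Resolve the account so uid-0 aliases and numeric "#0"-style values
  // are rejected too, not only the literal name "root".
  $pw = posix_getpwnam($user);
  if (!$pw) {
    throw new PhutilArgumentUsageException(
      pht(
        'Configured notification server user "%s" does not exist.',
        $user));
  }
  if ((int)$pw['uid'] === 0) {
    throw new PhutilArgumentUsageException(
      pht(
        'The notification server should not be run as root: '.
        'specify a user other than root.'));
  }
}
```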
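Review bot: In getStartCommand(), the `-E` in `sudo -En` passes the invoking user's whole environment through to the lower-privileged `node` process, which works against the privilege drop this option exists for and also requires the sudoers rule to permit environment preservation. Unless the server needs specific variables, drop `-E` and end sudo's own option parsing before the binary: `'sudo -n -u %s -- %R %Ls -- %s %Ls',`. The two `csprintf()` calls are otherwise identical, so a short comment such as `// Drop privileges via sudo when a run-as user is configured.` above the `if ($user)` branch would make the intent explicit. Whether the PID and log paths are writable by the configured user is not checked in the visible lines.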
+++ b/src/docs/user/configuration/notifications.diviner
@@ -83,6 +83,11 @@
 - `memory.hint`: //Optional int.// Suggestion to `node` about how much memory to use, via `--max-old-stack-size`. In most cases, this can be left unspecified.
+ - `user`: //Optional string.// User that must run the `node` server.
+ Be sure you can `sudo` from your current user to this user without password
+ for the `node` command. If left unspecified, phabricator will skip the sudo
+ part. Since aphlict requires the node server to use low privileges, `user`
+ cannot be set to `root`.
 Each server in the `servers` list should be an object with these keys: