diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fea1b1..90c57a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,3 +4,4 @@ ### Features * Install Arpwatch. * Ensure the service is in the desired state. +* Allow to set the user that run Arpwatch. diff --git a/README.md b/README.md index e087077..d720713 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ Manage Arpwatch installation and configuration. * **arpwatch__service_manage** : If the arpwatch service should be managed [default : `True`]. * **arpwatch__service_name** : The service name to manage [default : `arpwatch`]. * **arpwatch__conf_src** : Template used to provide configuration file [default : `../templates/etc/arpwatch.conf.j2`]. +* **arpwatch__conf_username** : Username that should run Arpwatch [default : `arpwatch`]. ## Example Playbook @@ -35,6 +36,7 @@ Manage Arpwatch installation and configuration. This role will : * Install needed packages to provide `arpwatch` service. * Manage `arpwatch` configuration (/etc/arpwatch.conf). +* Allow to set the user that run Arpwatch. * Ensure `arpwatch` service is enabled and started. * Ensure to restart `arpwatch` service if configuration changed. diff --git a/defaults/main.yml b/defaults/main.yml index 7851f33..57677f2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -54,5 +54,14 @@ arpwatch__service_manage: True arpwatch__conf_src: '../templates/etc/arpwatch.conf.j2' # ]]] +# .. envvar:: arpwatch__conf_username [[[. +# Username that should run Arpwatch. +# +# The value should be a string with an existing username. +# ``arpwatch`` +# Default. Created during installation. +arpwatch__conf_username: 'arpwatch' + + # ]]] # ]]] diff --git a/tasks/main.yml b/tasks/main.yml index 9f5c18b..f961a62 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,6 +14,7 @@ when: arpwatch__enabled|bool # Manage configuration file [[[1 +## Manage Arpwatch configuration [[[ - name: Create Arpwatch configuration template: src: '{{ arpwatch__conf_src }}' 
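Review bot: The comment block added for `arpwatch__conf_username` in defaults/main.yml says the value should be an existing username, but the template added by this same commit states that an empty value makes Arpwatch run as root. That privilege-relevant case belongs next to the default, for example `# An empty string makes Arpwatch run as root; keep a dedicated unprivileged user unless root is required.` As far as the collapsed hunk shows, the new block also opens a `[[[` fold without adding a matching `# ]]]`, so the marker balance at the end of the file should be checked.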
@@ -23,6 +24,19 @@ mode: '0644' when: arpwatch__enabled|bool notify: ['restart arpwatch service'] + # ]]] +## Manage service default [[[ +- name: Manage service default + template: + src: '../templates/etc/default/arpwatch.j2' + dest: "/etc/default/arpwatch" + owner: root + group: root + mode: '0644' + when: '{{ ((arpwatch__enabled | bool) and + (arpwatch__service_manage | bool)) }}' + notify: ['restart arpwatch service'] + # ]]] # Manage service [[[1 - name: Manage arpwatch service diff --git a/templates/etc/default/arpwatch.j2 b/templates/etc/default/arpwatch.j2 new file mode 100644 index 0000000..407c82a --- /dev/null +++ b/templates/etc/default/arpwatch.j2 @@ -0,0 +1,9 @@ +## {{ ansible_managed }} + +# Global options for arpwatch(8). + +# Debian: don't report bogons, don't use PROMISC. +ARGS="-N -p" + +# Debian: run as `{{ arpwatch__conf_username }}' user. Empty this to run as root. +RUNAS="{{ arpwatch__conf_username }}"
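Review bot: The `when:` of the new `Manage service default` task wraps its condition in `{{ }}`, but Ansible already evaluates `when` as a raw Jinja2 expression and warns about templating delimiters in conditionals. The neighbouring task uses the bare form (`when: arpwatch__enabled|bool`), so I would write `when: (arpwatch__enabled | bool) and (arpwatch__service_manage | bool)`. The task is also gated on `arpwatch__service_manage`, unlike the configuration task above it, so with service management disabled a changed `arpwatch__conf_username` is silently never written. If that is intended, a comment such as `# /etc/default/arpwatch is only managed together with the service` would make it explicit.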
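Review bot: `RUNAS="{{ arpwatch__conf_username }}"` in templates/etc/default/arpwatch.j2 writes the variable unescaped inside double quotes, and this file is presumably sourced by a shell init script, so a value containing `"`, `$` or a backtick would be interpreted by the shell instead of being taken as a user name. Rendering it with the `quote` filter, `RUNAS={{ arpwatch__conf_username | quote }}`, keeps the value literal. A check in tasks/main.yml that the value is either empty or a plain user name would catch a typo before the service is restarted under the wrong account. The same variable is also expanded into the comment line above it, where a value containing a newline would end the comment; that line can read `# Debian: user to run as. Empty this to run as root.` without the expansion.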