diff --git a/doc/chronyd.adoc b/doc/chronyd.adoc
index 739950b..c9f51b3 100644
--- a/doc/chronyd.adoc
+++ b/doc/chronyd.adoc
@@ -145,6 +145,16 @@ On macOS, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
 The child process retains root privileges, but can only perform a very limited
 range of privileged system calls on behalf of the parent.
 
+*-U*::
+This option disables a check for root privileges to allow *chronyd* to be
+started under a non-root user, assuming the process will have all capabilities
+(e.g. provided by the service manager) and access to all files, directories,
+and devices, needed to operate correctly in the specified configuration. Note
+that different capabilities might be needed with different configurations and
+different Linux kernel versions. Starting *chronyd* under a non-root user is
+not recommended when the configuration is not known, or at least limited to
+specific directives.
+
 *-F* _level_::
 This option configures a system call filter when *chronyd* is compiled with
 support for the Linux secure computing (seccomp) facility. In level 1 the
diff --git a/main.c b/main.c
index 0c9be36..958d047 100644
--- a/main.c
+++ b/main.c
@@ -411,7 +411,7 @@ int main
   int do_init_rtc = 0, restarted = 0, client_only = 0, timeout = -1;
   int scfilter_level = 0, lock_memory = 0, sched_priority = 0;
   int clock_control = 1, system_log = 1, log_severity = LOGS_INFO;
-  int config_args = 0, print_config = 0;
+  int user_check = 1, config_args = 0, print_config = 0;
 
   do_platform_checks();
 
@@ -431,7 +431,7 @@ int main
   optind = 1;
 
   /* Parse short command-line options */
-  while ((opt = getopt(argc, argv, "46df:F:hl:L:mnpP:qQrRst:u:vx")) != -1) {
+  while ((opt = getopt(argc, argv, "46df:F:hl:L:mnpP:qQrRst:u:Uvx")) != -1) {
     switch (opt) {
       case '4':
       case '6':
@@ -462,7 +462,7 @@ int main
         break;
       case 'p':
         print_config = 1;
-        client_only = 1;
+        user_check = 0;
         nofork = 1;
         system_log = 0;
         break;
@@ -479,6 +479,7 @@ int main
         ref_mode = REF_ModePrintOnce;
         nofork = 1;
         client_only = 1;
+        user_check = 0;
         clock_control = 0;
         system_log = 0;
         break;
@@ -497,6 +498,9 @@ int main
       case 'u':
         user = optarg;
         break;
+      case 'U':
+        user_check = 0;
+        break;
       case 'v':
         print_version();
         return 0;
@@ -509,7 +513,7 @@ int main
     }
   }
 
-  if (getuid() && !client_only)
+  if (user_check && getuid() != 0)
     LOG_FATAL("Not superuser");
 
   /* Turn into a daemon */