diff --git a/packaging/rpm/ja4sentinel.spec b/packaging/rpm/ja4sentinel.spec
index 32887dd..7e3544f 100644
--- a/packaging/rpm/ja4sentinel.spec
+++ b/packaging/rpm/ja4sentinel.spec
@@ -53,19 +53,15 @@ install -m 640 %{_sourcedir}/config.yml %{buildroot}/etc/ja4sentinel/config.yml.
 install -m 640 %{_sourcedir}/config.yml %{buildroot}/usr/share/ja4sentinel/config.yml
 
 %pre
-# Create system user and group (compatible with CentOS 7+)
-getent group ja4sentinel >/dev/null || groupadd -r ja4sentinel
-getent passwd ja4sentinel >/dev/null || \
-    useradd -r -g ja4sentinel -d /var/lib/ja4sentinel -s /sbin/nologin \
-    -c "JA4Sentinel Service User" ja4sentinel
+# No user creation needed - service runs as root for packet capture
 exit 0
 
 %post
-# Set proper ownership
-chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel 2>/dev/null || true
-chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel 2>/dev/null || true
-chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel 2>/dev/null || true
-chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel 2>/dev/null || true
+# Set proper ownership (root:root for packet capture)
+chown -R root:root /var/lib/ja4sentinel 2>/dev/null || true
+chown -R root:root /var/run/ja4sentinel 2>/dev/null || true
+chown -R root:root /var/log/ja4sentinel 2>/dev/null || true
+chown -R root:root /etc/ja4sentinel 2>/dev/null || true
 
 # Set proper permissions
 chmod 750 /var/lib/ja4sentinel 2>/dev/null || true
@@ -75,7 +71,6 @@ chmod 750 /etc/ja4sentinel 2>/dev/null || true
 
 # Install config if not exists
 if [ ! -f /etc/ja4sentinel/config.yml ]; then
     cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
-    chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml 2>/dev/null || true
     chmod 640 /etc/ja4sentinel/config.yml
 fi
diff --git a/packaging/systemd/ja4sentinel.service b/packaging/systemd/ja4sentinel.service
index 5f5d0e6..1c24447 100644
--- a/packaging/systemd/ja4sentinel.service
+++ b/packaging/systemd/ja4sentinel.service
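Review bot: The new %pre comment `# No user creation needed - service runs as root for packet capture` records a justification the packaging does not support: the unit file shipped by the same package still carries `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN`, which is precisely the mechanism that gives a dedicated unprivileged user raw-socket and promiscuous-mode access, so dropping the `groupadd`/`useradd` lines discards the least-privilege setup without a stated failure. If root is genuinely required, the comment should name the concrete operation that failed under ambient capabilities, e.g. `# Runs as root: <operation> failed under AmbientCapabilities=CAP_NET_RAW — see <issue>`, rather than the generic claim, so the next maintainer can re-evaluate it. Note also that installs upgraded from the previous release keep the ja4sentinel user and group that the old %pre created; nothing here removes or documents them, and the `chown -R root:root` lines will silently re-own any files that user wrote.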
@@ -6,17 +6,16 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-User=ja4sentinel
-Group=ja4sentinel
+User=root
+Group=root
 WorkingDirectory=/var/lib/ja4sentinel
 ExecStart=/usr/bin/ja4sentinel --config /etc/ja4sentinel/config.yml
 Restart=on-failure
 RestartSec=5
 Environment=JA4SENTINEL_LOG_LEVEL=info
 
-# Security hardening
-NoNewPrivileges=yes
-ProtectSystem=full
+# Security hardening (compatible with root for packet capture)
+ProtectSystem=strict
 ProtectHome=yes
 PrivateTmp=yes
 ProtectKernelTunables=yes
@@ -24,10 +23,10 @@ ProtectKernelModules=yes
 ProtectControlGroups=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
-MemoryDenyWriteExecute=yes
 LockPersonality=yes
+ReadWritePaths=/var/lib/ja4sentinel /var/log/ja4sentinel
 
-# Capabilities for packet capture
+# Capabilities for packet capture (inherited by root)
 AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
 CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
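Review bot: Removing `NoNewPrivileges=yes` while switching to `User=root` / `Group=root` gives up the guarantee that the daemon cannot regain privileges across exec, and the stated motive (packet capture) is already covered by the `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` line kept further down, which is exactly how an unprivileged User obtains raw-socket access and works alongside NoNewPrivileges. Unless a specific failure with the ambient capabilities was observed, restore `User=ja4sentinel`, `Group=ja4sentinel` and `NoNewPrivileges=yes`; if root is truly required, keep `NoNewPrivileges=yes` anyway, since it is compatible with root and with the retained CapabilityBoundingSet, and the comment should then state why the ambient grant was insufficient. Separately, `ProtectSystem=strict` mounts /run read-only as well, so if the daemon writes a PID or socket file under /var/run/ja4sentinel (which the spec's %post prepares) it will now fail unless that directory is added to ReadWritePaths or declared via `RuntimeDirectory=ja4sentinel`; I cannot tell from the hunk whether the binary writes there.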