diff --git a/nixos/modules/mailman.nix b/nixos/modules/mailman.nix
index 16b2c87..695a173 100644
--- a/nixos/modules/mailman.nix
+++ b/nixos/modules/mailman.nix
@@ -93,6 +93,7 @@ in {
       serviceConfig = {
         Type = "oneshot";
         User = "mailman";
+        NoNewPrivileges = true;
         # See https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html
         PrivateTmp = true;
         ProtectHome = true;
@@ -130,8 +131,8 @@ in {
       };
       repo = "borg@192.168.1.11:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
       startAt = "daily";
-      user = "root";
-      group = "root";
+      user = "mailman";
+      group = "mailman";
     };
   };
 }