diff --git a/src/ceph-crash.in b/src/ceph-crash.in
index c549dc11fe4be184a6df34a550b0c2c5d172e035..3ed2991baa96b31bded577d0088ad2c34e55d716 100755
--- a/src/ceph-crash.in
+++ b/src/ceph-crash.in
@@ -10,6 +10,8 @@ import socket
 import subprocess
 import sys
 import time
+import grp
+import pwd
 logging.basicConfig(level=logging.INFO)
 log = logging.getLogger('ceph-crash')
@@ -80,8 +82,23 @@ def handler(signum, frame):
 print('*** Interrupted with signal %d ***' % signum)
 sys.exit(0)
+
+def drop_privs():
+ if os.getuid() == 0:
+ try:
+ ceph_uid = pwd.getpwnam("ceph").pw_uid
+ ceph_gid = grp.getgrnam("ceph").gr_gid
+ os.setgroups([])
+ os.setgid(ceph_gid)
+ os.setuid(ceph_uid)
+ except Exception as e:
+ log.error(f"Unable to drop privileges: {e}")
+ sys.exit(1)
+
 def main():
 # exit code 0 on SIGINT, SIGTERM
+ global auth_names
+ drop_privs()
 signal.signal(signal.SIGINT, handler)
 signal.signal(signal.SIGTERM, handler)
@@ -96,7 +113,10 @@ def main():
 log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))
 while True:
- scrape_path(args.path)
+ try:
+ scrape_path(args.path)
+ except Exception as e:
+ log.error(f"Error scraping {args.path}: {e}")
 if args.delay == 0:
 sys.exit(0)
 time.sleep(args.delay * 60)
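Review bot: The guard in `drop_privs()` tests the real uid, so a process with effective uid 0 but a non-zero real uid would skip the drop entirely; `if os.geteuid() == 0:` matches the privilege actually held. Nothing confirms the outcome either: if the `ceph` account resolves to uid 0 the calls succeed and the daemon keeps running as root, so a check such as `if os.getuid() == 0 or os.geteuid() == 0:` followed by `sys.exit(1)` after the `try` block would fail closed. The setgroups, setgid, setuid order is correct and should be pinned by a docstring, e.g. `"""Switch to the ceph user and group when started as root; exit if that fails."""`, with a comment that the group calls must precede `os.setuid()`. `main()` continues outside the hunk, so the need for `global auth_names` cannot be judged from here.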
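Review bot: In the one-shot path (`args.delay == 0`) a failed scrape is logged and the loop still reaches `sys.exit(0)`, so the caller sees success even though nothing was scraped. Recording the failure in the handler and exiting with `sys.exit(1 if failed else 0)` keeps the daemon loop resilient without hiding errors from one-shot runs. The handler also discards the traceback; `log.exception("Error scraping %s", args.path)` would keep it, which helps if permission errors after the privilege drop turn out to be a common cause (inferred, `scrape_path` is not shown). `main()` starts and ends outside this hunk.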