diff --git a/nixproc/backends/synit/create-synit-daemon.nix b/nixproc/backends/synit/create-synit-daemon.nix index 8f8b98f..049855b 100644 --- a/nixproc/backends/synit/create-synit-daemon.nix +++ b/nixproc/backends/synit/create-synit-daemon.nix @@ -1,6 +1,6 @@ -{ lib, busybox, runtimeShell, toPreserves, writeScript, writeTextFile }: +{ lib, busybox, runtimeShell, toPreserves, util, writeScript, writeTextFile }: -{ name, description, argv, environment, directory, path +{ name, description, environment, directory, path, user, process, args # Shell instructions that specify how the state of the process should be initialized. , initialize ? "" # List of services that this configuration depends on. @@ -9,15 +9,24 @@ # Example: [ " up>" ] , depends-on ? [ ] # Whether the daemon shall be declared as required. -, require-service ? true }: +, require-service ? true, forceDisableUserChange ? false }: let env = environment // { PATH = lib.strings.makeBinPath (path ++ [ busybox ]); }; + user' = util.determineUser { inherit user forceDisableUserChange; }; + processSpec = { - inherit argv env; + argv = if user' == null then + [ process ] ++ args + else + util.invokeDaemon { + inherit process args; + su = "su"; + }; + inherit env; } // (lib.attrsets.optionalAttrs (directory != null) { dir = directory; }); serviceName = ""; diff --git a/nixproc/backends/synit/default.nix b/nixproc/backends/synit/default.nix index bdef58e..2ea3794 100644 --- a/nixproc/backends/synit/default.nix +++ b/nixproc/backends/synit/default.nix 
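Review bot: The new `user`, `process` and `args` parameters carry none of the explanatory comments that the neighbouring `initialize` and `depends-on` parameters have. `argv` is also dropped from the signature, and no `...` is visible in the argument set, so a caller or `overrides` function that still passes `argv` would fail evaluation. A short comment per parameter would help, for example `# Account the process runs as; presumably null keeps the supervisor's identity (confirm against util.determineUser)` above `user`. The parameter list continues into the next hunk.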
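Review bot: `su = "su"` in the new `argv` branch leaves the account-switching helper to be found by bare name. `env.PATH` just above is built from `path ++ [ busybox ]`, so a package in the caller-supplied `path` that ships its own `su` would be found ahead of busybox's. How `util.invokeDaemon` uses the string is not visible in this diff, but if it becomes the executed command, pinning it removes the ambiguity: `su = "${busybox}/bin/su";`. A comment on `forceDisableUserChange` should also say that when `user'` is null the process is started directly as `[ process ] ++ args`, with no account switch at all.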
@@ -1,13 +1,13 @@ { lib, busybox, runtimeShell, writeScript, writeTextFile, undaemonize }: rec { - util = import ./util.nix { inherit lib; }; + util = import ../util { inherit lib; }; - toPreserves = util.toPreserves { }; + inherit (import ./util.nix { inherit lib; }) toPreserves; createSynitDaemon = import ../../backends/synit/create-synit-daemon.nix { inherit lib busybox runtimeShell writeScript writeTextFile; - inherit toPreserves; + inherit toPreserves util; }; generateSynitService = diff --git a/nixproc/backends/synit/generate-synit-service.nix b/nixproc/backends/synit/generate-synit-service.nix index a251dd8..c286a46 100644 --- a/nixproc/backends/synit/generate-synit-service.nix +++ b/nixproc/backends/synit/generate-synit-service.nix @@ -6,12 +6,18 @@ let generatedTargetSpecificArgs = { - inherit name description environment directory path dependencies initialize; + inherit name description environment directory path dependencies initialize + user; - argv = map toString (if foregroundProcess != null then - [ foregroundProcess ] ++ foregroundProcessArgs + process = if foregroundProcess != null then + foregroundProcess else - [ "${undaemonize}/bin/undaemonize" daemon ] ++ daemonArgs); + (lib.getExe undaemonize); + + args = map toString (if foregroundProcess != null then + foregroundProcessArgs + else + [ daemon ] ++ daemonArgs); }; targetSpecificArgs = if builtins.isFunction overrides then diff --git a/nixproc/backends/synit/util.nix b/nixproc/backends/synit/util.nix index 6a31e1a..7a876e0 100644 --- a/nixproc/backends/synit/util.nix +++ b/nixproc/backends/synit/util.nix @@ -12,11 +12,10 @@ rec { toPreserves { } [{ a = 0; b = 1; } "c" [ true false ] { record = "foo"; }] => "" */ - toPreserves = { }@args: + toPreserves = let - toPreserves' = toPreserves args; concatItems = toString; - mapToSeq = lib.strings.concatMapStringsSep " " toPreserves'; + mapToSeq = lib.strings.concatMapStringsSep " " toPreserves; recordLabel = list: with builtins; let len = length list; 
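Review bot: The exported `util` attribute of this `rec` set now points at the shared `../util` instead of the Synit-local `./util.nix`. Anything outside this file that reached `toPreserves` through `util.toPreserves` therefore loses it. `toPreserves` is still exported at top level, so a one-line comment such as `# util: shared nixproc helpers; Synit-specific helpers (toPreserves) come from ./util.nix` would make the split clear. Only the `createSynitDaemon` consumer is visible in this hunk; the `generateSynitService` import is cut off at its end.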
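Review bot: `process` is no longer passed through `toString`. The old code mapped the whole `argv` list, while the new code maps only `args`, so a `foregroundProcess` given as a path or derivation now reaches `create-synit-daemon.nix` unconverted. Wrapping the conditional keeps the previous behaviour: `process = toString (if foregroundProcess != null then foregroundProcess else lib.getExe undaemonize);`. `lib.getExe` also requires `lib` among this file's arguments, which sit above the hunk and are not visible here.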
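Review bot: The doc comment at the top of this hunk still shows the old call form `toPreserves { } [ … ]`, but `toPreserves` no longer takes the leading attribute set. The example should read `toPreserves [{ a = 0; b = 1; } "c" [ true false ] { record = "foo"; }]`. The body of `toPreserves` continues past the end of the hunk.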
@@ -37,7 +36,7 @@ rec { else if lib.isAttrs v then "{ ${ concatItems - (lib.attrsets.mapAttrsToList (key: val: "${key}: ${toPreserves' val}") + (lib.attrsets.mapAttrsToList (key: val: "${key}: ${toPreserves val}") v) } }" else if lib.isList v then diff --git a/tools/synit/nixproc-synit-deploy.in b/tools/synit/nixproc-synit-deploy.in index bbc4f9d..940f0cc 100644 --- a/tools/synit/nixproc-synit-deploy.in +++ b/tools/synit/nixproc-synit-deploy.in @@ -132,10 +132,6 @@ fi nixproc-init-state $stateDirArg $runtimeDirArg $logDirArg $tmpDirArg $cacheDirArg $spoolDirArg $lockDirArg $libDirArg $forceDisableUserChangeArg -# Create new groups and users -createNewGroups -createNewUsers - dest_file=/run/etc/syndicate/services/processes.pr if [ -e "$dest_file"] && [ ! -L "$dest_file" ] @@ -144,7 +140,11 @@ then exit 1 fi -ln -sf $profilePath /etc/syndicate/services/processes.pr +# Create new groups and users +createNewGroups +createNewUsers + +ln -sf $profilePath /run/etc/syndicate/services/processes.pr # Delete obsolete users and groups deleteObsoleteUsers
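Review bot: The relocated `ln -sf` repeats the destination path literally and leaves `$profilePath` unquoted, and the guard meant to protect an existing regular file is broken. That guard, `if [ -e "$dest_file"] && [ ! -L "$dest_file" ]`, is visible as context at the end of the preceding hunk and lies outside this one. It has no space before the first `]`, so `[` fails with a missing-bracket error and the `exit 1` branch is never taken. As written, `ln -sf` will replace a non-symlink `processes.pr` without complaint. Suggested lines: `if [ -e "$dest_file" ] && [ ! -L "$dest_file" ]` and `ln -sf "$profilePath" "$dest_file"`.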