Running PHP as a systemctl service

[NotionCommotion]

I have service /usr/lib/systemd/system/socketserver.service defined as follows:

[Unit]
Description=Socket Server
After=syslog.target

[Service]
ExecStart=/usr/bin/php /var/www/socket/server.php
Restart=on-abort
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target

When hitting the following lines:

$cmd="tshark -f 'port 1337' -i eno16780032 -a duration:4 -w /var/www/socket/tmp/test.pcap";
$status = exec($cmd, $output);
syslog(LOG_INFO, 'results: '.json_encode($output).' status: '.($status?'success':'false'));

I get the following:

Jun 04 18:58:56 tapmeister.com php[43111]: Running as user "root" and group "root". This could be dangerous.
Jun 04 18:58:56 tapmeister.com php[43111]: Capturing on 'eno16780032'
Jun 04 18:58:56 tapmeister.com kernel: device eno16780032 entered promiscuous mode
Jun 04 18:59:00 tapmeister.com kernel: device eno16780032 left promiscuous mode
Jun 04 18:59:00 tapmeister.com php[43111]: 0 packets captured
Jun 04 18:59:00 tapmeister.com Server[43111]: results: []  status: false

Sure enough, exec('whoami') confirms I am running as root.  Probably shouldn't be.  How would you recommend configuring?

PS.  the three lines shown regarding tshark are executed via an asynchronous request and are not in the main loop.

[requinix]

...don't run as root?

Relevant options

[NotionCommotion]

1 hour ago, requinix said:

...don't run as root?

Relevant options

Yes, I suppose so.  In my actual service config, I had included another user, but had commented it out as I recall because it wouldn't work.  Just uncommitted, and it works perfect, so don't know for sure...