diff --git a/src/util-privs.c b/src/util-privs.c
index 42c48c2f30..00f8582859 100644
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -30,6 +30,7 @@
 #include
 #include "util-debug.h"
 #include "suricata-common.h"
+#include "suricata.h"
 #ifdef HAVE_LIBCAP_NG
@@ -42,6 +43,9 @@
 /** flag indicating if we'll be using caps */
 extern int sc_set_caps;
+/** our current runmode */
+extern int run_mode;
+
 /**
  * \brief Drop all the previliges of the given thread
  */
@@ -63,12 +67,18 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
         return;
     capng_clear(CAPNG_SELECT_BOTH);
-    capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-            CAP_NET_RAW, /* needed for pcap live mode */
-#ifdef NFQ
-            CAP_NET_ADMIN, /* needed for nfqueue inline mode */
-#endif
-            -1);
+
+    if (run_mode == MODE_PFRING || run_mode == MODE_NFQ) {
+        capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+                CAP_NET_RAW, /* needed for pcap live mode */
+                CAP_NET_ADMIN, /* needed for nfqueue inline mode */
+                -1);
+    } else if (run_mode == MODE_PCAP_DEV) {
+        capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+                CAP_NET_RAW, /* needed for pcap live mode */
+                -1);
+    }
+
     if (capng_change_id(userid, groupid, CAPNG_DROP_SUPP_GRP | CAPNG_CLEAR_BOUNDING) < 0) {
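Review bot: `extern int run_mode;` is declared locally in util-privs.c even though the same commit now includes suricata.h, which is where a process-wide global like this should be declared once; a per-file extern is never checked against the real definition, so a later change to its type would compile silently. If suricata.h already declares it, drop the local line; otherwise move the declaration into the header and keep only the include here. Since this value decides which capabilities survive the privilege drop in SCDropMainThreadCaps(), the comment should also state the ordering requirement, e.g. `/** our current runmode; must be set before SCDropMainThreadCaps() runs */` — if it is still unset at that point the mode comparisons fall through and no capability is retained, which is presumably not what the caller expects.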