diff --git a/sapi/fpm/php-fpm.service.in b/sapi/fpm/php-fpm.service.in
index f58ea08af8ff..5111ae8c8ff8 100644
--- a/sapi/fpm/php-fpm.service.in
+++ b/sapi/fpm/php-fpm.service.in
@@ -32,6 +32,9 @@ NoNewPrivileges=true
 # but no physical devices such as /dev/sda.
 PrivateDevices=true
 
+# Required for dropping privileges for running as a different user and changin owner and root.
+CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
+
 # Explicit module loading will be denied. This allows to turn off module load and unload
 # operations on modular kernels. It is recommended to turn this on for most services that
 # do not need special file systems or extra kernel modules to work.