diff --git a/systemd/user/mpd.service.in b/systemd/user/mpd.service.in
index 4ee7015d0..91b24dc5f 100644
--- a/systemd/user/mpd.service.in
+++ b/systemd/user/mpd.service.in
@@ -19,6 +19,8 @@ LimitRTTIME=infinity
 # for io_uring
 LimitMEMLOCK=64M
 
+# Required in order for ProtectSystem= (and other sandboxing) to work
+PrivateUsers=yes
 # disallow writing to /usr, /bin, /sbin, ...
 ProtectSystem=yes