diff --git a/src/util/virhostdev.c b/src/util/virhostdev.c
index d80dbf719d44e3d0b95d03b31d49c1973bcf44bd..79362899688a4bc9cbb35a9054836dbf3b0f6d5d 100644
--- a/src/util/virhostdev.c
+++ b/src/util/virhostdev.c
@@ -89,6 +89,7 @@ static virHostdevManagerPtr
 virHostdevManagerNew(void)
 {
     virHostdevManagerPtr hostdevMgr;
+    bool privileged = geteuid() == 0;
 
     if (!(hostdevMgr = virObjectNew(virHostdevManagerClass)))
         return NULL;
@@ -105,14 +106,39 @@ virHostdevManagerNew(void)
     if ((hostdevMgr->activeSCSIHostdevs = virSCSIDeviceListNew()) == NULL)
         goto error;
 
-    if (VIR_STRDUP(hostdevMgr->stateDir, HOSTDEV_STATE_DIR) < 0)
-        goto error;
+    if (privileged) {
+        if (VIR_STRDUP(hostdevMgr->stateDir, HOSTDEV_STATE_DIR) < 0)
+            goto error;
 
-    if (virFileMakePath(hostdevMgr->stateDir) < 0) {
-        virReportError(VIR_ERR_OPERATION_FAILED,
-                       _("Failed to create state dir '%s'"),
-                       hostdevMgr->stateDir);
-        goto error;
+        if (virFileMakePath(hostdevMgr->stateDir) < 0) {
+            virReportError(VIR_ERR_OPERATION_FAILED,
+                           _("Failed to create state dir '%s'"),
+                           hostdevMgr->stateDir);
+            goto error;
+        }
+    } else {
+        char *rundir = NULL;
+        mode_t old_umask;
+
+        if (!(rundir = virGetUserRuntimeDirectory()))
+            goto error;
+
+        if (virAsprintf(&hostdevMgr->stateDir, "%s/hostdevmgr", rundir) < 0) {
+            VIR_FREE(rundir);
+            goto error;
+        }
+        VIR_FREE(rundir);
+
+        old_umask = umask(077);
+
+        if (virFileMakePath(hostdevMgr->stateDir) < 0) {
+            umask(old_umask);
+            virReportError(VIR_ERR_OPERATION_FAILED,
+                           _("Failed to create state dir '%s'"),
+                           hostdevMgr->stateDir);
+            goto error;
+        }
+        umask(old_umask);
     }
 
     return hostdevMgr;