diff --git a/src/dns_conf.c b/src/dns_conf.c
index dcc41a0..1451578 100644
--- a/src/dns_conf.c
+++ b/src/dns_conf.c
@@ -3509,6 +3509,15 @@ int config_additional_file(void *data, int argc, char *argv[])
 return load_conf(file_path, _config_item, _conf_printf);
 }
+const char *dns_conf_get_cache_dir(void)
+{
+ if (dns_conf_cache_file[0] == '\0') {
+ return SMARTDNS_CACHE_FILE;
+ }
+
+ return dns_conf_cache_file;
+}
+
 static int _dns_server_load_conf_init(void)
 {
 dns_conf_address_rule.ipv4 = New_Radix();
diff --git a/src/dns_conf.h b/src/dns_conf.h
index bf07315..5be4425 100644
--- a/src/dns_conf.h
+++ b/src/dns_conf.h
@@ -60,7 +60,8 @@ extern "C" {
 #define SMARTDNS_CONF_FILE "/etc/smartdns/smartdns.conf"
 #define SMARTDNS_LOG_FILE "/var/log/smartdns/smartdns.log"
 #define SMARTDNS_AUDIT_FILE "/var/log/smartdns/smartdns-audit.log"
-#define SMARTDNS_CACHE_FILE "/tmp/smartdns.cache"
+#define SMARTDNS_CACHE_FILE "/var/cache/smartdns/smartdns.cache"
+#define SMARTDNS_TMP_CACHE_FILE "/tmp/smartdns.cache"
 #define SMARTDNS_DEBUG_DIR "/tmp/smartdns"
 enum domain_rule {
@@ -527,6 +528,9 @@ int dns_server_check_update_hosts(void);
 struct dns_proxy_names *dns_server_get_proxy_nams(const char *proxyname);
 extern int config_additional_file(void *data, int argc, char *argv[]);
+
+const char *dns_conf_get_cache_dir(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/dns_server.c b/src/dns_server.c
index 5243845..b8be122 100644
--- a/src/dns_server.c
+++ b/src/dns_server.c
@@ -7005,11 +7005,7 @@ static int _dns_server_cache_init(void)
 return -1;
 }
- char *dns_cache_file = SMARTDNS_CACHE_FILE;
- if (dns_conf_cache_file[0] != 0) {
- dns_cache_file = dns_conf_cache_file;
- }
-
+ const char *dns_cache_file = dns_conf_get_cache_dir();
 if (dns_conf_cache_persist == 2) {
 uint64_t freespace = get_free_space(dns_cache_file);
 if (freespace >= CACHE_AUTO_ENABLE_SIZE) {
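Review bot: `dns_conf_get_cache_dir` in src/dns_conf.c returns the cache file path, not a directory: it yields `SMARTDNS_CACHE_FILE` or `dns_conf_cache_file`, and the dns_server.c hunk assigns the result to `dns_cache_file`. The name invites a caller to pass the result straight to a directory API, so either rename it (for example `dns_conf_get_cache_file`) or document it above the definition with `/* Returns the cache file path: dns_conf_cache_file when configured, otherwise SMARTDNS_CACHE_FILE. */`. The same comment belongs on the prototype added to src/dns_conf.h.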
@@ -7032,10 +7028,7 @@ static int _dns_server_cache_init(void)
 static int _dns_server_cache_save(int check_lock)
 {
- char *dns_cache_file = SMARTDNS_CACHE_FILE;
- if (dns_conf_cache_file[0] != 0) {
- dns_cache_file = dns_conf_cache_file;
- }
+ const char *dns_cache_file = dns_conf_get_cache_dir();
 if (dns_conf_cache_persist == 0 || dns_conf_cachesize <= 0) {
 if (access(dns_cache_file, F_OK) == 0) {
diff --git a/src/smartdns.c b/src/smartdns.c
index 506ae4a..1a46829 100644
--- a/src/smartdns.c
+++ b/src/smartdns.c
@@ -56,7 +56,7 @@ static int verbose_screen;
 int capget(struct __user_cap_header_struct *header, struct __user_cap_data_struct *cap);
 int capset(struct __user_cap_header_struct *header, struct __user_cap_data_struct *cap);
-static int get_uid_gid(int *uid, int *gid)
+static int get_uid_gid(uid_t *uid, gid_t *gid)
 {
 struct passwd *result = NULL;
 struct passwd pwd;
@@ -65,7 +65,9 @@ static int get_uid_gid(int *uid, int *gid)
 int ret = -1;
 if (dns_conf_user[0] == '\0') {
- return -1;
+ *uid = getuid();
+ *gid = getgid();
+ return 0;
 }
 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
@@ -109,8 +111,8 @@ static int drop_root_privilege(void)
 header.version = _LINUX_CAPABILITY_VERSION;
 #endif
 header.pid = 0;
- int uid = 0;
- int gid = 0;
+ uid_t uid = 0;
+ gid_t gid = 0;
 int unused __attribute__((unused)) = 0;
 if (get_uid_gid(&uid, &gid) != 0) {
@@ -376,8 +378,8 @@ static int _smartdns_set_ecs_ip(void)
 static int _smartdns_create_cert(void)
 {
- int uid = 0;
- int gid = 0;
+ uid_t uid = 0;
+ gid_t gid = 0;
 if (dns_conf_need_cert == 0) {
 return 0;
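Review bot: The new early return in `get_uid_gid` (`*uid = getuid(); *gid = getgid(); return 0;`) changes the result for every caller, not only the directory helpers this commit adds. `drop_root_privilege` tests `if (get_uid_gid(&uid, &gid) != 0)`, so with no user configured it no longer takes that branch and whatever follows now runs with the current ids; the rest of that function is outside the hunk, so please confirm this is intended there and in `_smartdns_create_cert`. If it is not, keep the `-1` return here and let the directory helpers fall back to `getuid()`/`getgid()` themselves. Either way, a header comment on `get_uid_gid` such as `/* Looks up the ids of dns_conf_user; when no user is configured, returns the ids of the current process. */` would record the new contract.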
@@ -608,31 +610,62 @@ static void _reg_signal(void)
 static int _smartdns_create_logdir(void)
 {
- int uid = 0;
- int gid = 0;
+ uid_t uid = 0;
+ gid_t gid = 0;
+ struct stat sb;
 char logdir[PATH_MAX] = {0};
+ int unused __attribute__((unused)) = 0;
+
 safe_strncpy(logdir, _smartdns_log_path(), PATH_MAX);
 dir_name(logdir);
- if (access(logdir, F_OK) == 0) {
- return 0;
- }
-
- if (mkdir(logdir, 0750) != 0) {
- if (errno == EEXIST) {
- return 0;
- }
-
- return -1;
- }
-
- int unused __attribute__((unused)) = 0;
-
 if (get_uid_gid(&uid, &gid) != 0) {
 return -1;
 }
- unused = chown(logdir, uid, gid);
+ mkdir(logdir, 0750);
+ if (stat(logdir, &sb) == 0 && sb.st_uid == uid && sb.st_gid == gid && (sb.st_mode & 0700) == 0700) {
+ return 0;
+ }
+
+ if (chown(logdir, uid, gid) != 0) {
+ /* disable log */
+ tlog_set_maxlog_count(0);
+ }
+
+ unused = chmod(logdir, 0750);
+ unused = chown(_smartdns_log_path(), uid, gid);
+ return 0;
+}
+
+static int _smartdns_create_cache_dir(void)
+{
+ uid_t uid = 0;
+ gid_t gid = 0;
+ struct stat sb;
+ char cache_dir[PATH_MAX] = {0};
+ int unused __attribute__((unused)) = 0;
+
+ safe_strncpy(cache_dir, dns_conf_get_cache_dir(), PATH_MAX);
+ dir_name(cache_dir);
+
+ if (get_uid_gid(&uid, &gid) != 0) {
+ return -1;
+ }
+
+ mkdir(cache_dir, 0750);
+ if (stat(cache_dir, &sb) == 0 && sb.st_uid == uid && sb.st_gid == gid && (sb.st_mode & 0700) == 0700) {
+ return 0;
+ }
+
+ if (chown(cache_dir, uid, gid) != 0) {
+ if (dns_conf_cache_file[0] == '\0') {
+ safe_strncpy(dns_conf_cache_file, SMARTDNS_TMP_CACHE_FILE, sizeof(dns_conf_cache_file));
+ }
+ }
+
+ unused = chmod(cache_dir, 0750);
+ unused = chown(dns_conf_get_cache_dir(), uid, gid);
 return 0;
 }
@@ -648,6 +681,7 @@ static int _set_rlimit(void)
 static int _smartdns_init_pre(void)
 {
 _smartdns_create_logdir();
+ _smartdns_create_cache_dir();
 _set_rlimit();
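Review bot: In `_smartdns_create_logdir` and `_smartdns_create_cache_dir` the `chown`/`chmod` calls are applied by path name to whatever parent directory the configured file has, whether or not `mkdir` created it. A log or cache file configured directly inside a shared directory would therefore have that directory re-owned and set to 0750 when startup runs with enough privilege. The final `chown(dns_conf_get_cache_dir(), uid, gid)` also follows symbolic links, and after the fallback it targets `SMARTDNS_TMP_CACHE_FILE`, a fixed name in `/tmp`. Using `lchown(dns_conf_get_cache_dir(), uid, gid)` (and likewise for `_smartdns_log_path()`) avoids changing the owner of a link target. Please also check the `mkdir` result and limit the directory `chown`/`chmod` to a directory this process just created or to the built-in default locations.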