why does the service needs root permissions to begin with? why not have the correct target users right in the service file?

1) this package, resp. its invocation mechanism, is modelled after the package mlocate, as it is intended to be able to replace the unsupported package mlocate, and therefore wants to support all features of mlocate. 2) mlocate origins in sysV era where one had to switch user with su. It has the feature that the sysadmin could choose in /etc/sysconfig/locate whether he/she wants to run the locate service as user root or user nobody (default), so either all files or only publicly visible files are harvested. 3) to my knowledge, systemd does not support a dynamical selection of the invoked user, so User=${RUN_UPDATEDB_AS} does not work.

So there are two possibilities, either invoke the service with User=nobody and do not support the user selection capability provided by mlocate, or use "su".

Side note: Originally, plocate is invoked as root with SETGID bit set to collect all data. On query time, output is filtered according to the invoking user. As SETUID/SETGID flags are not very appreciated in general, I decided to remove the set-group bit and do things the same way as mlocate does.