diff --git a/+POST_INSTALL b/+POST_INSTALL
index d5ee43f9c4..88d5baed24 100644
--- a/+POST_INSTALL
+++ b/+POST_INSTALL
@@ -1,3 +1,23 @@
+PW=/usr/sbin/pw
+USER=wwwonly
+UID=789
+GROUP=${USER}
+GID=${UID}
+
+if ! ${PW} groupshow ${GROUP} >/dev/null 2>&1; then
+    echo "Creating group '${GROUP}' with gid '${GID}'"
+    ${PW} groupadd ${GROUP} -g ${GID}
+else
+    echo "Using existing group '${GROUP}'"
+fi
+
+if ! ${PW} usershow ${USER} >/dev/null 2>&1; then
+  echo "Creating user '${USER}' with uid '${UID}'"
+  ${PW} useradd ${USER} -u ${UID} -g ${GID} -c "World Wide Web Only" -d /nonexistent -s /usr/sbin/nologin
+else
+  echo "Using existing user '${USER}'"
+fi
+
 echo "Updating /etc/shells"
 cp /etc/shells /etc/shells.bak
 (grep -v /usr/local/sbin/opnsense-shell /etc/shells.bak; \