pkg: to complicate matters we need to register and restore user/group through package means

+POST_INSTALL

@@ -20,6 +20,10 @@ fi
 echo "Creating user '${USER}' with uid '${UID}'"
 ${PW} user${PW_ARG} ${USER} -u ${UID} -g ${GID} -c "World Wide Web Only" -d /nonexistent -s /usr/sbin/nologin
 
+if [ -n "${CORE_USER_GROUP_ONLY}" ]; then
+	exit 0
+fi
+
 echo "Updating /etc/shells"
 cp /etc/shells /etc/shells.bak
 (grep -v /usr/local/sbin/opnsense-shell /etc/shells.bak; \

+PRE_DEINSTALL

@@ -1,3 +1,7 @@
+if [ -n "${CORE_USER_GROUP_ONLY}" ]; then
+	exit 0
+fi
+
 /usr/local/etc/rc.d/configd stop
 
 echo "Resetting root shell"

Makefile

@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2024 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2025 Franco Fichtner <franco@opnsense.org>
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -116,6 +116,8 @@ CORE_PACKAGESITE?=	https://pkg.opnsense.org
 CORE_PRODUCT?=		OPNsense
 CORE_REPOSITORY?=	${CORE_ABI}/latest
 CORE_WWW?=		https://opnsense.org/
+CORE_USER?=		wwwonly
+CORE_GROUP?=		${CORE_USER}
 
 CORE_COPYRIGHT_HOLDER?=	Deciso B.V.
 CORE_COPYRIGHT_WWW?=	https://www.deciso.com/
@@ -239,6 +241,8 @@ manifest:
 	@echo "comment: \"${CORE_COMMENT}\""
 	@echo "desc: \"${CORE_HASH}\""
 	@echo "maintainer: \"${CORE_MAINTAINER}\""
+	@echo "users: [ \"${CORE_USER}\" ]"
+	@echo "groups: [ \"${CORE_GROUP}\" ]"
 	@echo "www: \"${CORE_WWW}\""
 	@echo "message: \"${CORE_MESSAGE}\""
 	@echo "categories: [ \"sysutils\", \"www\" ]"

src/etc/rc.subr.d/recover

@@ -234,6 +234,8 @@ function recover_ports()
     $tempfile = fopen($tempname, 'w');
     $luacount = 0;
 
+    putenv('CORE_USER_GROUP_ONLY=yes');
+
     foreach ($pkgs as $pkg) {
         $raw = exec('/usr/local/sbin/pkg-static info --raw --raw-format json-compact ' . $pkg);
         $info = json_decode($raw, true);