diff --git a/users/init.sls b/users/init.sls
index 0f3cd70..488e533 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -9,6 +9,9 @@
 {%- if user == None -%}
 {%- set user = {} -%}
 {%- endif -%}
+{%- if 'sudoonly' in user and user['sudoonly'] %}
+{%- set _dummy=user.update({'sudouser': True}) %}
+{%- endif %}
 {%- if 'sudouser' in user and user['sudouser'] %}
 {%- do used_sudo.append(1) %}
 {%- endif %}
@@ -47,6 +50,7 @@ include:
 {%- set user_group = name -%}
 {%- endif %}
 
+{%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}
 {% for group in user.get('groups', []) %}
 users_{{ name }}_{{ group }}_group:
   group.present:
@@ -353,6 +357,7 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:
     - name: {{ host }}
 {% endfor %}
 {% endif %}
+{% endif %}
 
 {% set sudoers_d_filename = name|replace('.','_') %}
 {% if 'sudouser' in user and user['sudouser'] %}