diff --git a/README.md b/README.md index f82714e..85c17ae 100644 --- a/README.md +++ b/README.md @@ -127,12 +127,17 @@ auth: uid: 1000 gid: 1000 password: bar + groups: [qux, quux] - user: baz group: xxx uid: 1100 gid: 1200 password_file: /run/secrets/baz_password +group: + qux: 2001 + quux: 2002 + global: - "force user = foo" - "force group = foo" diff --git a/rootfs/etc/cont-init.d/01-config.sh b/rootfs/etc/cont-init.d/01-config.sh index 4ebbe29..e6b9699 100755 --- a/rootfs/etc/cont-init.d/01-config.sh +++ b/rootfs/etc/cont-init.d/01-config.sh @@ -109,6 +109,18 @@ bind interfaces only = yes EOL fi +if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq '.group')" != "null" ]]; then + for group_entry in $(yq -j e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq -r '.group | to_entries[] | @base64'); do + _jq() { + echo "${group_entry}" | base64 --decode | jq -r "${1}" + } + group_name=$(_jq '.key') + group_id=$(_jq '.value') + echo "Creating group $group_name with GID $group_id" + id -g "$group_id" &>/dev/null || id -gn "$group_name" &>/dev/null || addgroup -g "$group_id" -S "$group_name" + done +fi + if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq '.auth')" != "null" ]]; then for auth in $(yq -j e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq -r '.auth[] | @base64'); do _jq() { 
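Review bot: The existence test before `addgroup` in the new `group:` loop uses `id -g "$group_id"` and `id -gn "$group_name"`, but `id` resolves a user, not a group, so it only answers whether a user with that UID or name exists. A configured group can therefore be skipped when an unrelated user happens to match, or `addgroup` can be run against a GID that is already taken, while the log line still says the group is being created. These groups presumably gate share access, so the check should query the group database instead: `getent group "$group_id" >/dev/null || getent group "$group_name" >/dev/null || addgroup -g "$group_id" -S "$group_name"` (assuming `getent` is available in the image). It would also help to reject a non-numeric `group_id`, since the value comes from the config after `envsubst`, with something like `[[ "$group_id" =~ ^[0-9]+$ ]] || { echo "Invalid GID for $group_name" >&2; exit 1; }`. The same `id` pattern appears in the existing auth block, which this hunk appears to have copied.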
@@ -121,6 +133,13 @@ if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' " echo "Creating user $(_jq '.user')/$(_jq '.group') ($(_jq '.uid'):$(_jq '.gid'))" id -g "$(_jq '.gid')" &>/dev/null || id -gn "$(_jq '.group')" &>/dev/null || addgroup -g "$(_jq '.gid')" -S "$(_jq '.group')" id -u "$(_jq '.uid')" &>/dev/null || id -un "$(_jq '.user')" &>/dev/null || adduser -u "$(_jq '.uid')" -G "$(_jq '.group')" "$(_jq '.user')" -SHD + groups=$(_jq '.groups') + if [[ "$groups" != "null" ]]; then + for group_name in $(echo "$groups" | jq -r '.[]'); do + echo "Adding user $(_jq '.user') to group $group_name" + addgroup "$(_jq '.user')" "$group_name" + done + fi echo -e "$password\n$password" | smbpasswd -a -s "$(_jq '.user')" unset password done diff --git a/test/data/config.yml b/test/data/config.yml index 7e48fd3..2c88f2c 100644 --- a/test/data/config.yml +++ b/test/data/config.yml @@ -4,12 +4,17 @@ auth: uid: 1000 gid: 1000 password: bar + groups: [qux, quux] - user: yyy group: xxx uid: 1100 gid: 1200 password_file: /tmp/yyy_password +group: + qux: 2001 + quux: 2002 + global: - "force user = foo" - "force group = foo"
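Review bot: The supplementary-group loop added after `adduser` iterates over an unquoted `$(echo "$groups" | jq -r '.[]')`, so a group name containing whitespace or glob characters is split or expanded before it reaches `addgroup`. The result of `addgroup "$(_jq '.user')" "$group_name"` is also not checked in the hunk: if the group was never declared under `group:`, or the user was not created because the preceding `id` test short-circuited, the membership is not applied, and unless the script runs under `set -e` (not visible here) it still goes on to set the Samba password. Because membership decides which shares the account can reach, a failed assignment should stop or at least be reported on stderr. Reading the names line by line and checking the exit status covers both. The enclosing `for auth in …` loop starts above this hunk, so the `exit` below assumes the script is executed rather than sourced.

```shell
if [[ "$groups" != "null" ]]; then
  while IFS= read -r group_name; do
    # … unchanged: "Adding user … to group …" log line …
    addgroup "$(_jq '.user')" "$group_name" || {
      echo "Failed to add $(_jq '.user') to group $group_name" >&2
      exit 1
    }
  done < <(echo "$groups" | jq -r '.[]')
fi
```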