diff --git a/arkdep b/arkdep
index bf16069..9005f0d 100755
--- a/arkdep
+++ b/arkdep
@@ -81,6 +81,7 @@ if [[ ! $1 == 'init' ]]; then
 	[[ -z ${minimum_available_boot_storage+x} ]] && minimum_available_boot_storage=153600 && printf '\e[1;33m<!>\e[0m\e[1m minimum_available_boot_storage not defined in config, using default\e[0m\n'
 	[[ -z ${minimum_available_root_storage+x} ]] && minimum_available_root_storage=12582912 && printf '\e[1;33m<!>\e[0m\e[1m minimum_available_root_storage not defined in config, using default\e[0m\n'
 	[[ -z ${update_cpu_microcode+x} ]] && update_cpu_microcode=1 && printf '\e[1;33m<!>\e[0m\e[1m update_cpu_microcode not defined in config, using default\e[0m\n'
+	[[ -z ${backup_user_accounts+x} ]] && update_cpu_microcode=1 && printf '\e[1;33m<!>\e[0m\e[1m backup_user_accounts not defined in config, using default\e[0m\n'
 fi
 
 ## Common functions
@@ -293,6 +294,9 @@ init () {
 
 	# Update CPU firmware if newer version available
 	update_cpu_microcode=1
+
+	# Automatically make a copy of passwd, shadow and group files if they differ from overlay
+	backup_user_accounts=1
 	END
 
 	# Add default bootloader config file
@@ -664,6 +668,21 @@ deploy () {
 
 	# Add overlay if enabled
 	if [[ $enable_overlay -eq 1 ]]; then
+
+		# If backup_user_accounts is enabled automatically perform a backup
+		if [[ $backup_user_accounts -eq 1 ]]; then
+
+			for file in passwd shadow group; do
+				if ! cmp --silent $arkdep_dir/overlay/etc/$file /etc/$file; then
+					cp /etc/$file $arkdep_dir/overlay/etc/$file
+				fi
+			done
+
+			# Ensure shadow file permissions are set properly
+			chmod 600 $file/overlay/etc/shadow
+
+		fi
+
 		printf '\e[1;34m-->\e[0m\e[1m Copying overlay to deployment\e[0m\n'
 		declare -r overlay_files=($(ls $arkdep_dir/overlay/))