diff --git a/aur/lirc-user-service/60-lirc.rules b/aur/lirc-user-service/60-lirc.rules
new file mode 100644
index 000000000..492aae966
--- /dev/null
+++ b/aur/lirc-user-service/60-lirc.rules
@@ -0,0 +1,9 @@
+# Make the /dev/lirc* devices accessible for users in the group "lirc"
+# using regular group permissions.
+
+KERNEL=="lirc[0-9]*", SUBSYSTEM=="lirc", GROUP="lirc", MODE="0660"
+
+# Grant rw permission to the lirc group for USB devices using acl(5).
+
+ACTION=="add", SUBSYSTEM=="usb", ENV{DEVNAME}=="?*", \
+    RUN+="/usr/bin/sh -c '/usr/bin/setfacl -m g:lirc:rw %E{DEVNAME} 2>/dev/null || :'"
diff --git a/aur/lirc-user-service/PKGBUILD b/aur/lirc-user-service/PKGBUILD
new file mode 100644
index 000000000..b54f2b445
--- /dev/null
+++ b/aur/lirc-user-service/PKGBUILD
@@ -0,0 +1,26 @@
+# Maintainer: graysky <graysky AT archlinux DOT us>
+# vim:set ts=2 sw=2 et:
+
+pkgname=lirc-user-service
+pkgver=1.5
+pkgrel=1
+pkgdesc="Systemd dropins to run lirc as an unprivileged user for better stability and security"
+arch=(any)
+url="https://www.lirc.org/html/configuration-guide.html"
+license=(MIT)
+depends=(lirc systemd)
+install=readme.install
+source=(60-lirc.rules sysusers.conf tmpfiles.conf)
+backup=(etc/systemd/system/lircd.service.d/override.conf)
+md5sums=('cbed0097426c746550c687ae3d0310ec'
+         '2a19b64c02e12256624cc15906bcf65a'
+         '818c7fa6b32ab3edb56ef643450116f2')
+
+package() {
+  install -Dm644 60-lirc.rules "$pkgdir/usr/lib/udev/rules.d/60-lirc.rules"
+  install -Dm644 sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+  # prefer /etc/tmpfiles.d/ over /usr/lib/tmpfiles.d/
+  # why?  lirc package inslalls there and if we do to systemd-tmpfiles
+  # warns on execution which can confuse users
+  install -Dm644 tmpfiles.conf "$pkgdir/etc/tmpfiles.d/$pkgname.conf"
+}
diff --git a/aur/lirc-user-service/readme.install b/aur/lirc-user-service/readme.install
new file mode 100644
index 000000000..d2859c6a0
--- /dev/null
+++ b/aur/lirc-user-service/readme.install
@@ -0,0 +1,7 @@
+post_install() {
+  echo ">>> Edit /etc/lirc/lirc_options.conf and set: 'effective-user = lirc' then restart lircd"
+}
+
+post_upgrade() {
+  post_install $1
+}
diff --git a/aur/lirc-user-service/sysusers.conf b/aur/lirc-user-service/sysusers.conf
new file mode 100644
index 000000000..856f581ce
--- /dev/null
+++ b/aur/lirc-user-service/sysusers.conf
@@ -0,0 +1,9 @@
+# override these settings by copying this to /etc/sysusers.d/ and modifying it therein
+
+# Type Name ID GECOS Home directory Shell
+g lirc - -
+u lirc - "LIRC daemon user" /var/lib/lirc /usr/bin/nologin
+
+# supplemental groups
+m lirc input
+m lirc lock
diff --git a/aur/lirc-user-service/tmpfiles.conf b/aur/lirc-user-service/tmpfiles.conf
new file mode 100644
index 000000000..a60a9d4ac
--- /dev/null
+++ b/aur/lirc-user-service/tmpfiles.conf
@@ -0,0 +1 @@
+d /run/lirc 0755 lirc lirc -