diff --git a/states/borg/config.sls b/states/borg/config.sls
index fe3ad54..fa243b3 100644
--- a/states/borg/config.sls
+++ b/states/borg/config.sls
@@ -14,3 +14,12 @@ borg-config-script-{{ key }}:
       job: {{ job }}
       working_dir: {{ borg.working_dir }}
 {% endfor %}
+
+borg-config-sudo:
+  file.managed:
+    - name: /etc/sudoers.d/borg
+    - source: salt://borg/templates/borg_sudo.j2
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 600
diff --git a/states/borg/defaults.yaml b/states/borg/defaults.yaml
index 1e53ca1..4c6c689 100644
--- a/states/borg/defaults.yaml
+++ b/states/borg/defaults.yaml
@@ -1,6 +1,7 @@
 ---
 borg:
   enabled: true
+  run_user: dkron
   working_dir: /opt/borg
   pip_pkgs:
     - borgbackup
diff --git a/states/borg/pkgs.sls b/states/borg/pkgs.sls
index 32f0b64..93d3137 100644
--- a/states/borg/pkgs.sls
+++ b/states/borg/pkgs.sls
@@ -1,6 +1,5 @@
 ---
 {%- from "borg/map.jinja" import borg with context %}
-
 {%- for pkg in borg.pip_pkgs %}
 borg-pkg-reqs-{{ pkg }}:
   pip.installed:
diff --git a/states/borg/templates/borg_sudo.j2 b/states/borg/templates/borg_sudo.j2
new file mode 100755
index 0000000..1741f78
--- /dev/null
+++ b/states/borg/templates/borg_sudo.j2
@@ -0,0 +1,3 @@
+{%- from "borg/map.jinja" import borg with context %}
+## Sudo rights for borg run_user
+{{ borg.run_user }}	ALL=(ALL) NOPASSWD: {{ borg.working_dir }}/scripts/borg_*.sh