diff --git a/config/config.sample.php b/config/config.sample.php
index 105d4759cc..7b533a8b9c 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -235,4 +235,7 @@ $CONFIG = array(
 'openssl' => array(
 	//'config' => '/absolute/location/of/openssl.cnf',
 ),
+
+/* whether usage of the instance should be restricted to admin users only */
+'singleuser' => false,
 );
diff --git a/core/command/maintenance/singleuser.php b/core/command/maintenance/singleuser.php
new file mode 100644
index 0000000000..f9a1bbcaca
--- /dev/null
+++ b/core/command/maintenance/singleuser.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\Command\Maintenance;
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class SingleUser extends Command {
+
+	protected function configure() {
+		$this
+			->setName('maintenance:singleuser')
+			->setDescription('set single user mode')
+			->addOption(
+				'on',
+				null,
+				InputOption::VALUE_NONE,
+				'enable single user mode'
+			)
+			->addOption(
+				'off',
+				null,
+				InputOption::VALUE_NONE,
+				'disable single user mode'
+			);
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output) {
+		if ($input->getOption('on')) {
+			\OC_Config::setValue('singleuser', true);
+			$output->writeln('Single user mode enabled');
+		} elseif ($input->getOption('off')) {
+			\OC_Config::setValue('singleuser', false);
+			$output->writeln('Single user mode disabled');
+		} else {
+			if (\OC_Config::getValue('singleuser', false)) {
+				$output->writeln('Single user mode is currently enabled');
+			} else {
+				$output->writeln('Single user mode is currently disabled');
+			}
+		}
+	}
+}
diff --git a/core/register_command.php b/core/register_command.php
index 144dcd3dc5..1e520e3882 100644
--- a/core/register_command.php
+++ b/core/register_command.php
@@ -10,6 +10,7 @@
 $application->add(new OC\Core\Command\Status);
 $application->add(new OC\Core\Command\Db\GenerateChangeScript());
 $application->add(new OC\Core\Command\Upgrade());
+$application->add(new OC\Core\Command\Maintenance\SingleUser());
 $application->add(new OC\Core\Command\App\Disable());
 $application->add(new OC\Core\Command\App\Enable());
 $application->add(new OC\Core\Command\App\ListApps());
diff --git a/core/templates/singleuser.user.php b/core/templates/singleuser.user.php
new file mode 100644
index 0000000000..a5f56f6e2c
--- /dev/null
+++ b/core/templates/singleuser.user.php
@@ -0,0 +1,10 @@
+<ul>
+	<li class='update'>
+		<?php p($l->t('This ownCloud instance is currently in single user mode.')) ?><br /><br />
+		<?php p($l->t('This means only administrators can use the instance.')) ?><br /><br />
+		<?php p($l->t('Contact your system administrator if this message persists or appeared unexpectedly.')) ?>
+		<br /><br />
+		<?php p($l->t('Thank you for your patience.')); ?><br /><br />
+		<a class="button" <?php print_unescaped(OC_User::getLogoutAttribute()); ?>><?php p($l->t('Log out')); ?></a>
+	</li>
+</ul>
diff --git a/lib/base.php b/lib/base.php
index 187cedf942..2feedd81d8 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -238,6 +238,22 @@ class OC {
 		}
 	}
 
+	public static function checkSingleUserMode() {
+		$user = OC_User::getUserSession()->getUser();
+		$group = OC_Group::getManager()->get('admin');
+		if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) {
+			// send http status 503
+			header('HTTP/1.1 503 Service Temporarily Unavailable');
+			header('Status: 503 Service Temporarily Unavailable');
+			header('Retry-After: 120');
+
+			// render error page
+			$tmpl = new OC_Template('', 'singleuser.user', 'guest');
+			$tmpl->printPage();
+			die();
+		}
+	}
+
 	public static function checkUpgrade($showTemplate = true) {
 		if (OC_Config::getValue('installed', false)) {
 			$installedVersion = OC_Config::getValue('version', '0.0.0');
@@ -667,11 +683,12 @@ class OC {
 		// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
 		OC::tryBasicAuthLogin();
 
-		if (!self::$CLI) {
+		if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
 			try {
 				if (!OC_Config::getValue('maintenance', false)) {
 					OC_App::loadApps();
 				}
+				self::checkSingleUserMode();
 				OC::getRouter()->match(OC_Request::getRawPathInfo());
 				return;
 			} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
diff --git a/public.php b/public.php
index 203372fe1e..767295b98d 100644
--- a/public.php
+++ b/public.php
@@ -5,6 +5,7 @@ try {
 
 	require_once 'lib/base.php';
 	OC::checkMaintenanceMode();
+	OC::checkSingleUserMode();
 	if (!isset($_GET['service'])) {
 		header('HTTP/1.0 404 Not Found');
 		exit;