diff --git a/defaults/main.yml b/defaults/main.yml
index e4f5be3..77a0a12 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,4 @@
+roundcube_separate_user: false
 roundcube_config:
 log_driver: syslog
 db_dsnw: 'sqlite:////var/lib/roundcube/db/roundcube?mode=0640'
@@ -5,3 +6,22 @@ roundcube_config:
 #smtp_host: 'tls://smtp.example.com:587'
 #des_key: Set this to a 24-char random character string!
 cipher_method: AES-256-CBC
+
+roundcube_php_fpm_config:
+ user: roundcube
+ group: roundcube
+ listen: '/run/php/php{{ php_version }}-fpm-roundcube.sock'
+ listen.owner: www-data
+ listen.group: www-data
+ listen.mode: '0660'
+ 'php_admin_value[syslog.ident]': roundcube
+ pm: dynamic
+ pm.max_children: 50
+ pm.start_servers: 2
+ pm.min_spare_servers: 2
+ pm.max_spare_servers: 3
+ 'env[HOSTNAME]': '$HOSTNAME'
+ 'env[PATH]': /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ 'env[TMP]': /tmp
+ 'env[TMPDIR]': /tmp
+ 'env[TEMP]': /tmp
diff --git a/tasks/main.yml b/tasks/main.yml
index 04483e9..2f8a770 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
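Review bot: In the second `defaults/main.yml` hunk, `roundcube_php_fpm_config` is a single dict, and under Ansible's default hash behaviour an inventory that overrides it to tune one key (for example `pm.max_children`) replaces the whole mapping, dropping `user`, `group` and the `listen.*` keys that the separate-user setup depends on. I would add a comment above it such as `# Overriding this replaces the whole dict: keep user, group and listen.* when customising`. A one-line comment on `roundcube_separate_user` in the first hunk, saying that it creates the `roundcube` account and pool and switches file ownership away from `www-data`, would also help, since the variable name alone does not say what changes on the host.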
@@ -5,11 +5,39 @@ - roundcube-sqlite3 - roundcube-pgsql +- name: create roundcube group + when: roundcube_separate_user + ansible.builtin.group: + name: roundcube + system: true + +- name: Create roundcube user + when: roundcube_separate_user + ansible.builtin.user: + name: roundcube + group: roundcube + groups: www-data + home: /nonexistent + create_home: false + system: true + +# php_version and "restart php-fpm" handler from nginx role +- name: Create roundcube php pool + when: roundcube_separate_user + ansible.builtin.template: + src: php-fpm-pool.conf.j2 + dest: "/etc/php/{{ php_version }}/fpm/pool.d/roundcube.conf" + owner: root + group: root + mode: 0644 + notify: + - restart php-fpm + - name: Create db directory ansible.builtin.file: path: /var/lib/roundcube/db - owner: www-data - group: www-data + owner: '{{ "roundcube" if roundcube_separate_user else "www-data" }}' + group: '{{ "roundcube" if roundcube_separate_user else "www-data" }}' state: directory mode: "0750" @@ -18,5 +46,5 @@ src: config.inc.php.j2 dest: /etc/roundcube/config.inc.php owner: root - group: www-data + group: '{{ "roundcube" if roundcube_separate_user else "www-data" }}' mode: "0640" diff --git a/templates/php-fpm-pool.conf.j2 b/templates/php-fpm-pool.conf.j2 new file mode 100644 index 0000000..4caefb3 --- /dev/null +++ b/templates/php-fpm-pool.conf.j2 @@ -0,0 +1,5 @@ +[roundcube] + +{% for key, value in roundcube_php_fpm_config.items() %} +{{ key }} = {{ value }} +{% endfor %}
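Review bot: In the first `tasks/main.yml` hunk, `groups: www-data` on the new `roundcube` user gives the pool's processes the web server's group as a supplementary group (assuming php-fpm initialises supplementary groups for the pool user, which it normally does), so anything left group-readable for `www-data`, such as other applications' configuration or data, stays reachable from Roundcube and the separation is only partial. If the membership exists only so Roundcube can keep using package directories owned by `www-data`, I would chown those paths to `roundcube` in this role and drop the line; otherwise a comment stating why it is needed would help. Separately, `mode: 0644` on the pool template task is an unquoted octal while the neighbouring tasks use `mode: "0750"` and `mode: "0640"`; write `mode: "0644"`. The `file` task on `/var/lib/roundcube/db` changes only the directory's owner, so on a host that turns the flag on after the first install an existing SQLite file would presumably stay owned by `www-data`; worth confirming.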
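Review bot: In `templates/php-fpm-pool.conf.j2`, `{{ key }} = {{ value }}` writes each value exactly as Jinja renders it, so an override that gives `listen.mode` as an unquoted YAML octal (`listen.mode: 0660`) would, under YAML 1.1 parsing, be rendered as the decimal `432` and the socket would end up with a different mode than intended. The shipped default is quoted, but nothing in the template tells the next person why that matters. I would put a Jinja comment at the top, `{# values are written verbatim; quote octal modes in YAML, e.g. listen.mode: '0660' #}`, and consider an `ansible_managed` header using `;` comments so admins can see that the pool file is generated.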