diff --git a/application/clicommands/SetupCommand.php b/application/clicommands/SetupCommand.php
index 16fb53ab4..21dbac396 100644
--- a/application/clicommands/SetupCommand.php
+++ b/application/clicommands/SetupCommand.php
@@ -40,8 +40,6 @@ class SetupCommand extends Command
      * Create a new setup token
      *
      * Re-generates the setup token used to authenticate when installing Icinga Web 2 using the web-based wizard.
-     * Note that it is required to run this command while logged in as your webserver's user or to make him the
-     * owner of the created file afterwards manually.
      *
      * USAGE:
      *
@@ -49,6 +47,11 @@ class SetupCommand extends Command
      */
     public function generateTokenAction()
     {
+        if (false === $this->isSuperUser()) {
+            $this->fail($this->translate('This action needs to be run as super user in order to work properly!'));
+            return false;
+        }
+
         $token = bin2hex(openssl_random_pseudo_bytes(8));
         $filepath = $this->app->getConfigDir() . '/setup.token';
 
@@ -62,4 +65,66 @@ class SetupCommand extends Command
 
         printf($this->translate("The newly generated setup token is: %s\n"), $token);
     }
+
+    /**
+     * Create the configuration directory
+     *
+     * This command creates the configuration directory for Icinga Web 2. The `group' argument
+     * is mandatory and should be the groupname of the user your web server is running as.
+     *
+     * USAGE:
+     *
+     *   icingacli setup createConfigDirectory <group> [options]
+     *
+     * OPTIONS:
+     *
+     *   --mode  The access mode to use. Default is: 2775
+     *   --path  The path to the configuration directory. If omitted the default is used.
+     *
+     * EXAMPLES:
+     *
+     *   icingacli setup createConfigDirectory apache
+     *   icingacli setup createConfigDirectory apache --mode 2770
+     *   icingacli setup createConfigDirectory apache --path /some/path
+     */
+    public function createConfigDirectoryAction()
+    {
+        if (false === $this->isSuperUser()) {
+            $this->fail($this->translate('This action needs to be run as super user in order to work properly!'));
+            return false;
+        }
+
+        $group = $this->params->getStandalone();
+        if ($group === null) {
+            $this->fail($this->translate('The `group\' argument is mandatory.'));
+            return false;
+        }
+
+        $path = $this->params->get('path', $this->app->getConfigDir());
+        if (file_exists($path)) {
+            $this->fail(sprintf($this->translate('Path "%s" already exists.'), $path));
+            return false;
+        }
+
+        $mode = octdec($this->params->get('mode', '2775'));
+        if (false === mkdir($path)) {
+            $this->fail(sprintf($this->translate('Unable to create path: %s'), $path));
+            return false;
+        }
+
+        $old = umask(0); // Prevent $mode from being mangled by the system's umask ($old)
+        chmod($path, $mode);
+        umask($old);
+        chgrp($path, $group);
+    }
+
+    /**
+     * Return whether the current user is a super user
+     *
+     * @return  bool
+     */
+    protected function isSuperUser()
+    {
+        return intval(shell_exec('echo $EUID')) === 0;
+    }
 }