diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index c11594681..86ab028ef 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -147,9 +147,17 @@ type UserProfile struct {
 }
 
 type Node struct {
-	ID         NodeID
-	Name       string // DNS
-	User       UserID
+	ID   NodeID
+	Name string // DNS
+
+	// User is the user who created the node. If ACL tags are in
+	// use for the node then it doesn't reflect the ACL identity
+	// that the node is running as.
+	User UserID
+
+	// Sharer, if non-zero, is the user who shared this node, if different than User.
+	Sharer UserID `json:",omitempty"`
+
 	Key        NodeKey
 	KeyExpiry  time.Time
 	Machine    MachineKey
@@ -769,6 +777,7 @@ func (n *Node) Equal(n2 *Node) bool {
 		n.ID == n2.ID &&
 		n.Name == n2.Name &&
 		n.User == n2.User &&
+		n.Sharer == n2.Sharer &&
 		n.Key == n2.Key &&
 		n.KeyExpiry.Equal(n2.KeyExpiry) &&
 		n.Machine == n2.Machine &&
diff --git a/tailcfg/tailcfg_clone.go b/tailcfg/tailcfg_clone.go
index d22afb914..4105147ad 100644
--- a/tailcfg/tailcfg_clone.go
+++ b/tailcfg/tailcfg_clone.go
@@ -64,6 +64,7 @@ var _NodeNeedsRegeneration = Node(struct {
 	ID                NodeID
 	Name              string
 	User              UserID
+	Sharer            UserID
 	Key               NodeKey
 	KeyExpiry         time.Time
 	Machine           MachineKey
diff --git a/tailcfg/tailcfg_test.go b/tailcfg/tailcfg_test.go
index 93d3a6fae..d720a1f6d 100644
--- a/tailcfg/tailcfg_test.go
+++ b/tailcfg/tailcfg_test.go
@@ -188,7 +188,12 @@ func TestHostinfoEqual(t *testing.T) {
 }
 
 func TestNodeEqual(t *testing.T) {
-	nodeHandles := []string{"ID", "Name", "User", "Key", "KeyExpiry", "Machine", "DiscoKey", "Addresses", "AllowedIPs", "Endpoints", "DERP", "Hostinfo", "Created", "LastSeen", "KeepAlive", "MachineAuthorized"}
+	nodeHandles := []string{
+		"ID", "Name", "User", "Sharer",
+		"Key", "KeyExpiry", "Machine", "DiscoKey",
+		"Addresses", "AllowedIPs", "Endpoints", "DERP", "Hostinfo",
+		"Created", "LastSeen", "KeepAlive", "MachineAuthorized",
+	}
 	if have := fieldsOf(reflect.TypeOf(Node{})); !reflect.DeepEqual(have, nodeHandles) {
 		t.Errorf("Node.Equal check might be out of sync\nfields: %q\nhandled: %q\n",
 			have, nodeHandles)