diff --git a/debian/debian/jenkins.default b/debian/debian/jenkins.default
index 23a1309f6b6d4d35b9d6e4847a47dbe463b703fc..fc6f28b7f378962a1d47f4c1ba93f1f6a6c1321b 100644
--- a/debian/debian/jenkins.default
+++ b/debian/debian/jenkins.default
@@ -13,8 +13,9 @@ JAVA_ARGS="-Djava.awt.headless=true"  # Allow graphs etc. to work even when an X
 
 PIDFILE=/var/run/jenkins/jenkins.pid
 
-# user id to be invoked as (otherwise will run as root; not wise!)
+# user and group to be invoked as (default to jenkins)
 JENKINS_USER=jenkins
+JENKINS_GROUP=jenkins
 
 # location of the jenkins war file
 JENKINS_WAR=/usr/share/jenkins/jenkins.war
diff --git a/debian/debian/jenkins.postinst b/debian/debian/jenkins.postinst
index 16abae3928741ef913a42007bb8ed329f1ce1a40..8643edb3f8381618dc1701704c1d5951970b66ea 100644
--- a/debian/debian/jenkins.postinst
+++ b/debian/debian/jenkins.postinst
@@ -23,16 +23,16 @@ case "$1" in
     
         [ -r /etc/default/jenkins ] && . /etc/default/jenkins
         : ${JENKINS_USER:=jenkins}
+        : ${JENKINS_GROUP:=jenkins}
 
         # Create jenkins user if it doesn't exist.
         # sometimes tools that users want Jenkins to run need a shell,
         # so use /bin/bash. See JENKINS-4830
-        if ! id $JENKINS_USER > /dev/null 2>&1 ; then
-            adduser --system --home /var/lib/jenkins --no-create-home \
-                --ingroup nogroup --disabled-password --shell /bin/bash \
-                --gecos 'Jenkins' \
-                $JENKINS_USER
-        fi
+        addgroup --system --quiet $JENKINS_GROUP
+        adduser --system --quiet --home /var/lib/jenkins --no-create-home \
+            --ingroup $JENKINS_GROUP --disabled-password --shell /bin/bash \
+            --gecos 'Jenkins' \
+            $JENKINS_USER
 	
         # If we have an old hudson install, rename it to jenkins
         if test -d /var/lib/hudson -a \! \( -e /var/lib/hudson/.for-jenkins \) ; then
@@ -47,20 +47,20 @@ case "$1" in
       
         # directories needed for jenkins
         # we don't do -R because it can take a long time on big installation
-        chown $JENKINS_USER:adm /var/lib/jenkins /var/log/jenkins
+        chown $JENKINS_USER:$JENKINS_GROUP /var/lib/jenkins /var/log/jenkins
         # we don't do "chmod 750" so that the user can choose the pemission for g and o on their own
         chmod u+rwx /var/lib/jenkins /var/log/jenkins
 
         # make sure jenkins can delete everything in /var/cache/jenkins to
         # re-explode war.
-        chown -R $JENKINS_USER:adm /var/cache/jenkins
-        chmod -R 750               /var/cache/jenkins
+        chown -R $JENKINS_USER:$JENKINS_GROUP /var/cache/jenkins
+        chmod -R 750                          /var/cache/jenkins
 
         # older installations may use /var/run/jenkins
         # so make sure that they can delete too.
         if test -d /var/run/jenkins ; then
-            chown -R $JENKINS_USER:adm /var/run/jenkins
-            chmod -R 750               /var/run/jenkins
+            chown -R $JENKINS_USER:$JENKINS_GROUP /var/run/jenkins
+            chmod -R 750                          /var/run/jenkins
         fi
     ;;
 
diff --git a/debian/debian/jenkins.postrm b/debian/debian/jenkins.postrm
index d338c17316b1f1d53f710064821c0eb7c47902f5..a96eac4f85bdcfb1b2facad751f653b9923577c2 100644
--- a/debian/debian/jenkins.postrm
+++ b/debian/debian/jenkins.postrm
@@ -5,6 +5,7 @@ set -e
 case "$1" in
     purge)
         userdel jenkins || true
+	groupdel jenkins || true
         rm -rf /var/lib/jenkins /var/log/jenkins \
                /var/run/jenkins /var/cache/jenkins
     ;;