diff --git a/changelog/64141.fixed.md b/changelog/64141.fixed.md
new file mode 100644
index 000000000000..62c3e8f90c16
--- /dev/null
+++ b/changelog/64141.fixed.md
@@ -0,0 +1 @@
+Make salt user's home /opt/saltstack/salt
diff --git a/changelog/64158.fixed.md b/changelog/64158.fixed.md
new file mode 100644
index 000000000000..a31abbfe0232
--- /dev/null
+++ b/changelog/64158.fixed.md
@@ -0,0 +1 @@
+Salt minion runs with salt group permissions
diff --git a/pkg/debian/salt-common.preinst b/pkg/debian/salt-common.preinst
index dddca49c7bfe..967060bc0ee5 100644
--- a/pkg/debian/salt-common.preinst
+++ b/pkg/debian/salt-common.preinst
@@ -17,11 +17,11 @@ case "$1" in
 # 3. create user if not existing
 if ! getent passwd | grep -q "^$SALT_USER:"; then
 echo -n "Adding system user $SALT_USER.."
- adduser --quiet \
+ useradd --quiet \
 --system \
- --ingroup $SALT_GROUP \
 --no-create-home \
- --disabled-password \
+ -s /sbin/nologin
+ -g $SALT_GROUP \
 $SALT_USER 2>/dev/null || true
 echo "..done"
 fi
diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec
index 769ecd7180ee..ce32d47ed66c 100644
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@@ -381,9 +381,9 @@ test -d %{_SALT_HOME} || mkdir -p %{_SALT_HOME}
 # 3. create user if not existing
 # -g %{_SALT_GROUP} \
 if ! getent passwd | grep -q "^%{_SALT_USER}:"; then
- adduser --system \
+ useradd --system \
 --no-create-home \
- -s /sbin/nlogin \
+ -s /sbin/nologin \
 -g %{_SALT_GROUP} \
 %{_SALT_USER} 2>/dev/null || true
 fi
diff --git a/pkg/tests/integration/test_salt_user.py b/pkg/tests/integration/test_salt_user.py
index 374004178f3b..4c8d1af664d5 100644
--- a/pkg/tests/integration/test_salt_user.py
+++ b/pkg/tests/integration/test_salt_user.py
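Review bot: The added `-s /sbin/nologin` line in the salt-common.preinst hunk has no trailing backslash, so the `useradd` command ends there without a user name and `-g $SALT_GROUP $SALT_USER` runs as a separate command whose failure is hidden by `2>/dev/null || true`. The line should read `-s /sbin/nologin \`. As far as I know `useradd` has no `--quiet` option (that flag belongs to Debian's `adduser`), so the call would probably still be rejected with the continuation fixed, and dropping `--quiet` is likely needed too. Once that is repaired, both this call and the `useradd` in the pkg/rpm/salt.spec hunk still discard stderr and the exit status, so a failed account creation goes unnoticed at install time; a follow-up `getent passwd "$SALT_USER"` check that fails the script would surface it. The enclosing `case` block starts and ends outside the hunk.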
@@ -28,7 +28,9 @@ def test_salt_user_home(install_salt):
 """
 Test the correct user is running the Salt Master
 """
- proc = subprocess.run(["getent", "salt"], check=False, capture_output=True)
+ proc = subprocess.run(
+ ["getent", "passwd", "salt"], check=False, capture_output=True
+ )
 assert proc.returncode == 0
 home = ""
 try:
@@ -47,7 +49,7 @@ def test_salt_user_group(install_salt):
 in_group = False
 try:
 for group in proc.stdout.decode().split(" "):
- if group == "salt":
+ if "salt" in group:
 in_group = True
 except:
 pass
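Review bot: The substring test `if "salt" in group:` in the test_salt_user_group hunk accepts any group whose name merely contains "salt" (for example `saltstack`), so the test no longer proves membership of the `salt` group itself. The exact comparison most likely failed because splitting on `" "` leaves a trailing newline on the last field; splitting on any whitespace keeps the check strict: `for group in proc.stdout.decode().split():` with `if group == "salt":`. The bare `except: pass` around the loop also turns a decoding or parsing error into a plain `in_group` failure, which makes a broken check harder to diagnose. The function body starts and ends outside the hunk, so the command that produces `proc` is not visible here.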