diff --git a/fluent-package/apt/install-test.sh b/fluent-package/apt/install-test.sh
index 8ec8117e2..941570005 100755
--- a/fluent-package/apt/install-test.sh
+++ b/fluent-package/apt/install-test.sh
@@ -81,6 +81,18 @@ if [ ! -h /etc/td-agent ]; then
 exit 1
 fi
+homedir=$(getent passwd _fluentd | cut -d: -f6)
+if [ "$homedir" != "/var/lib/fluent" ]; then
+ echo "_fluentd must use /var/lib/fluent as home directory"
+ exit 1
+fi
+
+loginshell=$(getent passwd _fluentd | cut -d: -f7)
+if [ "$loginshell" != "/usr/sbin/nologin" ]; then
+ echo "_fluentd must use nologin"
+ exit 1
+fi
+
 # Note: As td-agent and _fluentd use same UID/GID,
 # it is regarded as preceding name (td-agent)
 owner=$(stat --format "%U/%G" /etc/fluent)
diff --git a/fluent-package/templates/package-scripts/fluent-package/deb/postinst b/fluent-package/templates/package-scripts/fluent-package/deb/postinst
index 82c981d43..d293837e7 100755
--- a/fluent-package/templates/package-scripts/fluent-package/deb/postinst
+++ b/fluent-package/templates/package-scripts/fluent-package/deb/postinst
@@ -21,7 +21,7 @@ add_system_user() {
 if getent passwd <%= compat_service_name %> >/dev/null; then
 TD_UID=$(id --user <%= compat_service_name %>)
 TD_GID=$(getent group <%= compat_service_name %> | cut -d':' -f3)
- useradd -u $TD_UID -g $TD_GID -o _<%= service_name %>
+ useradd -u $TD_UID -g $TD_GID -o -d /var/lib/<%= package_dir %> -s /usr/sbin/nologin _<%= service_name %>
 fi
 fi
 fi
diff --git a/fluent-package/yum/fluent-package.spec.in b/fluent-package/yum/fluent-package.spec.in
index 7cc2ce9da..d18f72b3b 100644
--- a/fluent-package/yum/fluent-package.spec.in
+++ b/fluent-package/yum/fluent-package.spec.in
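Review bot: The checks added to apt/install-test.sh assert the home directory and shell only for the `_fluentd` passwd entry, while the comment directly below them says td-agent and _fluentd share one UID/GID. Each name carries its own shell field, so if the goal of `nologin` is that this UID never gets an interactive shell, the `td-agent` entry should be asserted too (`getent passwd td-agent | cut -d: -f7` with the same comparison), or a comment should state that the legacy entry is deliberately out of scope; what shell that entry has is not visible here. The `fluentd` checks added to yum/install-test.sh raise the same question. When the account is missing, both variables are empty and the message blames the wrong thing, so a preceding `getent passwd _fluentd >/dev/null || { echo "_fluentd does not exist"; exit 1; }` would make that failure readable.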
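Review bot: The `-d`/`-s` options added in deb/postinst only take effect when this `useradd` actually runs, so a host where `_<%= service_name %>` was already created by an earlier package version would keep the home directory and shell it was given then. The enclosing conditions of add_system_user start outside the hunk, so this is inferred, but if there is a path for an already-existing account it would need `usermod -d /var/lib/<%= package_dir %> -s /usr/sbin/nologin _<%= service_name %>` for the hardening to reach upgraded systems. The matching `useradd` line in yum/fluent-package.spec.in appears to have the same gap. `$TD_UID` and `$TD_GID` are also unquoted on both lines; writing `-u "$TD_UID" -g "$TD_GID"` makes an empty lookup fail on its own option instead of consuming the next one as its value.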
@@ -164,7 +164,7 @@ else
 echo "Add user @SERVICE_NAME@ (same UID/GID with @COMPAT_SERVICE_NAME@)..."
 TD_UID=$(id --user @COMPAT_SERVICE_NAME@)
 TD_GID=$(getent group @COMPAT_SERVICE_NAME@ | cut -d':' -f3)
- /usr/sbin/useradd -u $TD_UID -g $TD_GID -o @SERVICE_NAME@
+ /usr/sbin/useradd -u $TD_UID -g $TD_GID -d %{_localstatedir}/lib/@PACKAGE_DIR@ -s /sbin/nologin -o @SERVICE_NAME@
 fi
 fi
diff --git a/fluent-package/yum/install-test.sh b/fluent-package/yum/install-test.sh
index 0a2055870..afaaafbd6 100755
--- a/fluent-package/yum/install-test.sh
+++ b/fluent-package/yum/install-test.sh
@@ -140,4 +140,16 @@ EOF
 echo "/etc/td-agent must be symlink"
 exit 1
 fi
+
+ homedir=$(getent passwd fluentd | cut -d: -f6)
+ if [ "$homedir" != "/var/lib/fluent" ]; then
+ echo "fluentd must use /var/lib/fluent as home directory"
+ exit 1
+ fi
+
+ loginshell=$(getent passwd fluentd | cut -d: -f7)
+ if [ "$loginshell" != "/sbin/nologin" ]; then
+ echo "fluentd must use nologin"
+ exit 1
+ fi
 fi