We have a setup where the user is not hudson (default) but build:

Extract from /etc/default/hudson

# user id to be invoked as (otherwise will run as root; not wise!) 
HUDSON_USER=build

After hudson package upgrade (aptitude) I noticed that the permission in the following directory is set to hudson:adm again instead of ${HUDSON_USER}:

/var/lib/hudson <- hudson configuration
/var/run/hudson/war <- web root

This causes hudson to not run properly.
The user permissions should be changed to the user specified in HUDSON_USER.

Possible fix in /trunk/hudson/main/debian/hudson.postinst:

• Read HUDSON_USER from /etc/default/hudson or maybe hudson.default and set the permission accordingly

I'm not sure how to handle the group permission. It could be fixed to adm (current solution) or a new environment variable HUDSON_GROUP could be added.

A completely different approach could be to don't touch permission after upgrade at all.

A recent change in this area (JENKINS-4047) leaves the jobs directory untouched. But this doesn't fix the current problem.