diff --git a/heroku-20-cnb-build/Dockerfile b/heroku-20-cnb-build/Dockerfile
index 33928801..c5a62f7c 100644
--- a/heroku-20-cnb-build/Dockerfile
+++ b/heroku-20-cnb-build/Dockerfile
@@ -7,6 +7,7 @@ RUN groupadd heroku --gid 1000 \
 && chown heroku:heroku /app
 # https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#build-image
+USER heroku
 ENV CNB_USER_ID=1000
 ENV CNB_GROUP_ID=1000
 # Note: This image doesn't inherit from the CNB run image variant so we have
@@ -20,5 +21,3 @@ LABEL io.buildpacks.base.maintainer="Heroku"
 # https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#iobuildpacksstack-labels
 ENV CNB_STACK_ID="heroku-20"
 LABEL io.buildpacks.stack.id="heroku-20"
-
-USER heroku
diff --git a/heroku-22-cnb-build/Dockerfile b/heroku-22-cnb-build/Dockerfile
index f1e6b502..b1c018ac 100644
--- a/heroku-22-cnb-build/Dockerfile
+++ b/heroku-22-cnb-build/Dockerfile
@@ -7,6 +7,7 @@ RUN groupadd heroku --gid 1000 \
 && chown heroku:heroku /app
 # https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#build-image
+USER heroku
 ENV CNB_USER_ID=1000
 ENV CNB_GROUP_ID=1000
 # Note: This image doesn't inherit from the CNB run image variant so we have
@@ -20,5 +21,3 @@ LABEL io.buildpacks.base.maintainer="Heroku"
 # https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#iobuildpacksstack-labels
 ENV CNB_STACK_ID="heroku-22"
 LABEL io.buildpacks.stack.id="heroku-22"
-
-USER heroku
diff --git a/heroku-24-build/Dockerfile b/heroku-24-build/Dockerfile
index 3f19763c..a965f590 100644
--- a/heroku-24-build/Dockerfile
+++ b/heroku-24-build/Dockerfile
@@ -1,14 +1,14 @@
 ARG BASE_IMAGE=heroku/heroku:24
 FROM $BASE_IMAGE
-# We have to temporarily switch back to root, since the run image sets a non-root default USER.
+# We have to temporarily switch back to root, since the run image sets a non-root default `USER`.
 USER root
 RUN --mount=target=/build /build/setup.sh
 # https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#build-image
 # The `io.buildpacks.base.*` labels are inherited from the run image, so don't need to be repeated here.
-USER 1002
-ENV CNB_USER_ID=1002
+USER heroku
+ENV CNB_USER_ID=1000
 ENV CNB_GROUP_ID=1000
 # Stack IDs are deprecated, but we still set this for backwards compatibility:
diff --git a/heroku-24/Dockerfile b/heroku-24/Dockerfile
index fd896b6f..476e6549 100644
--- a/heroku-24/Dockerfile
+++ b/heroku-24/Dockerfile
@@ -3,7 +3,7 @@ FROM ubuntu:24.04
 RUN --mount=target=/build /build/setup.sh
 # https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#run-image
-USER 1001
+USER heroku
 LABEL io.buildpacks.base.distro.name="ubuntu"
 LABEL io.buildpacks.base.distro.version="24.04"
 LABEL io.buildpacks.base.homepage="https://github.com/heroku/base-images"
diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh
index b80d3538..fc460ca2 100755
--- a/heroku-24/setup.sh
+++ b/heroku-24/setup.sh
@@ -189,10 +189,12 @@ apt-get purge -y openjdk-8-jre-headless
 apt-get autoremove -y --purge
 test "$(file -b /etc/ssl/certs/java/cacerts)" = "Java KeyStore"
-useradd heroku --uid 1001 --gid 1000 --shell /bin/bash --create-home
-useradd heroku-build --uid 1002 --gid 1000 --shell /bin/bash --create-home
-groupmod --new-name heroku ubuntu
-deluser --remove-home ubuntu
+# Ubuntu 24.04 ships with a default user and group named 'ubuntu' (with user+group ID of 1000)
+# that we have to remove before creating our own (`userdel` will remove the group too).
+userdel ubuntu --remove
+
+groupadd heroku --gid 1000
+useradd heroku --uid 1000 --gid 1000 --shell /bin/bash --create-home
 rm -rf /root/*
 rm -rf /tmp/*
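Review bot: In heroku-24-build/Dockerfile, `USER heroku` with `ENV CNB_USER_ID=1000` gives the build image the same UID that the heroku-24/Dockerfile and heroku-24/setup.sh hunks (`useradd heroku --uid 1000`) now give the run image, where the removed lines kept them apart as 1001 and 1002. With a single UID, files owned by the build user in the resulting app image typically remain writable by the running application, which weakens the separation between build-time and run-time privileges. If I recall the linked platform spec correctly, it recommends a run-image user whose UID differs from the build user's for this reason. If the merge is deliberate, record the trade-off above `USER heroku`, for example `# Build and run images share UID 1000, so build-time files are writable at runtime.`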
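Review bot: In heroku-24/Dockerfile, `USER heroku` replaces the numeric `USER 1001`, and a user name in the image config cannot be verified by runtimes that enforce non-root from image metadata; Kubernetes with `runAsNonRoot: true` refuses to start a container whose image user is non-numeric unless `runAsUser` is also set. The name also makes the effective UID depend on whatever setup.sh assigns rather than on this file. `USER 1000` (or `USER 1000:1000`) keeps the identity checkable and matches the `--uid 1000` in the setup.sh hunk. The same applies to the `USER heroku` line in heroku-24-build/Dockerfile, which sits directly above `ENV CNB_USER_ID=1000`.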
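Review bot: In heroku-24/setup.sh, the added comment states that `userdel` will remove the group too, but that only holds when `USERGROUPS_ENAB` is `yes` in login.defs and no other account uses `ubuntu` as its group. The comment should state that condition, e.g. `# (userdel also removes the 'ubuntu' group because USERGROUPS_ENAB is enabled and the group has no other members)`. If the group ever survives, the failure would surface at `groupadd heroku --gid 1000`; whether that aborts the build depends on shell options set outside this hunk.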