Comment 1 for bug 1903332

Please also do the python equivalant of setgroups(0, NULL) before dropping the gid (you could also use a one element list that is the dropped-to group). To add them back, you'll need to do the setgroups() after raising the uid. Drop order is setgroups(), setegid(), seteuid(); raise order is seteuid(), setegid(), setgroups().