Comment 1 for bug 766206

I noted that the new version does this:

+ if (uid && setuid (uid) < 0) {
+ nih_error_raise_system ();
+ job_process_error_abort (fds[1], JOB_PROCESS_ERROR_SETUID, 0);
+ }
+
+ if (pw->pw_gid && setgid (pw->pw_gid) < 0) {
+ nih_error_raise_system ();
+ job_process_error_abort (fds[1], JOB_PROCESS_ERROR_SETGID, 0);
+ }

Does that actually work that way around? After setuid() you usually lose the privilege of changing between arbitrary groups (CAP_SETGID). I suppose it actually works if you switch to the user's primary group, but I've seen it to fail in the past in daemons changing to a system user. The usual approach is to change the group first, then the user. But the result here would be an abort of the job, which is safe, so I don't object to the change with my release hat on because of this.