From 4c08bd5e4081a172ab3e259fb4334ce97616ef6e Mon Sep 17 00:00:00 2001
From: Thomas S Hatch <thatch45@gmail.com>
Date: Tue, 15 Oct 2013 15:25:40 -0600
Subject: [PATCH] Drop sup groups BEFORE changing uid

@basepi, needs cherry-pick
---
 salt/utils/verify.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/utils/verify.py b/salt/utils/verify.py
index 92edfa5eef74..f780dde25e84 100644
--- a/salt/utils/verify.py
+++ b/salt/utils/verify.py
@@ -289,13 +289,13 @@ def check_user(user):
     try:
         pwuser = pwd.getpwnam(user)
         try:
-            os.setgid(pwuser.pw_gid)
-            os.setuid(pwuser.pw_uid)
             if hasattr(os, 'initgroups'):
                 os.initgroups(user, pwuser.pw_gid)
             else:
                 os.setgroups([e.gr_gid for e in grp.getgrall()
                               if user in e.gr_mem] + [pwuser.gid])
+            os.setgid(pwuser.pw_gid)
+            os.setuid(pwuser.pw_uid)
 
         except OSError:
             msg = 'Salt configured to run as user "{0}" but unable to switch.'