Merge remote-tracking branch 'nicklewis/ticket/2.6.x/8770' into 2.6.x

* nicklewis/ticket/2.6.x/8770:
  (#8770) Don't fail to set supplementary groups when changing user to root

1 files changed, 10 insertions, 2 deletions

diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
index 2e12b220f..697bce111 100644
--- a/lib/puppet/util/suidmanager.rb
+++ b/lib/puppet/util/suidmanager.rb
@@ -82,13 +82,21 @@ module Puppet::Util::SUIDManager
       begin
         Process::UID.change_privilege(uid)
       rescue NotImplementedError
+        # If changing uid, we must be root. So initgroups first here.
         initgroups(uid)
         Process.euid = uid
         Process.uid  = uid
       end
     else
-      initgroups(uid)
-      Process.euid = uid
+      # If we're already root, initgroups before changing euid. If we're not,
+      # change euid (to root) first.
+      if Process.euid == 0
+        initgroups(uid)
+        Process.euid = uid
+      else
+        Process.euid = uid
+        initgroups(uid)
+      end
     end
   end
   module_function :change_user