diff --git a/qrexec/qrexec-daemon.c b/qrexec/qrexec-daemon.c
index b2eef9e..dc31875 100644
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@@ -203,7 +203,14 @@ void init(int xid)
 	}
 
 	peer_client_init(xid, REXEC_PORT);
-	setuid(getuid());
+	if (setgid(getgid()) < 0) {
+		perror("setgid()");
+		exit(1);
+	}
+	if (setuid(getuid()) < 0) {
+		perror("setuid()");
+		exit(1);
+	}
 	/* When running as root, make the socket accessible; perms on /var/run/qubes still apply */
 	umask(0);
 	qrexec_daemon_unix_socket_fd =