Hi Chagrin,

Note that what you're setting with $( is the real gid, not the effective gid. Its doc says:

If you are on a machine that supports membership in multiple groups simultaneously, gives a space separated list of groups you are in. ... However, a value assigned to $( must be a single number used to set the real gid.

The doc for the effective gid, $), says:

If you are on a machine that supports membership in multiple groups simultaneously, gives a space separated list of groups you are in. ... Similarly, a value assigned to $) must also be a space-separated list of numbers. The first number sets the effective gid, and the rest (if any) are passed to setgroups().

A while back I wrote some code that worked well at the time, which changes the effective gid to with one primary and one (!) secondary effective gid. This is an excerpt:

if ( $) !~ /^$WANT_GID\b.*\b$WANT_GRP2\b/ ) {
    $) = "$WANT_GID $WANT_GRP2";
    die "Error: EGID change failed: $!"
        if $! || $) ne "$WANT_GID $WANT_GRP2";
}
warn "After: RUID=$<, EUID=$>, RGID=$(, EGID=$), umask="
    .sprintf("%o",umask)."\n";
[download]

As for getting the groups of a user on the machine, after a little bit of research it appears you'll have to walk the group entries yourself, something like this perhaps:

use warnings;
use strict;

use User::pwent;
use User::grent;
use List::Util qw/any/;

my $u = $ENV{USER};
print " primary: ",
    getpwnam($u)->gid, "\n";
print "seconday: $_\n" for get_sec_grps($u);

sub get_sec_grps {
    my $user = shift;
    my @sec_grps;
    endgrent; # reset (?)
    while (my $g=getgrent) {
        push @sec_grps, $g->gid
            if any {$_ eq $user} @{$g->members};
    }
    endgrent;
    return @sec_grps;
}
[download]

Hope this helps,
-- Hauke D

In my head I was expecting that there was some POSIX function that, after changing the uid, would set the groups for you. It's non-intuitive to me to not see the groups change automatically after setting the real uid.