diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
index df0a2ebd..8d3365ba 100644
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@@ -71,6 +71,8 @@ struct WOLFSSHD_AUTH {
 const WOLFSSHD_CONFIG* conf;
 int gid;
 int uid;
+ int sGid; /* saved gid */
+ int sUid; /* saved uid */
 int attempts;
 void* heap;
 };
@@ -1035,6 +1037,8 @@ WOLFSSHD_AUTH* wolfSSHD_AuthCreateUser(void* heap, const WOLFSSHD_CONFIG* conf)
 if (ret == WS_SUCCESS) {
 auth->gid = pwInfo->pw_gid;
 auth->uid = pwInfo->pw_uid;
+ auth->sGid = getgid();
+ auth->sUid = getuid();
 }
 /* error case in setting one of the default callbacks */
@@ -1066,12 +1070,12 @@ int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth)
 wolfSSH_Log(WS_LOG_INFO, "[SSHD] Attempting to raise permissions level");
 if (auth) {
- if (setegid(0) != 0) {
+ if (setegid(auth->sGid) != 0) {
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing gid");
 ret = WS_FATAL_ERROR;
 }
- if (seteuid(0) != 0) {
+ if (seteuid(auth->sUid) != 0) {
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing uid");
 ret = WS_FATAL_ERROR;
 }
diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c
index 08a07ee2..09428eee 100644
--- a/apps/wolfsshd/wolfsshd.c
+++ b/apps/wolfsshd/wolfsshd.c
@@ -449,6 +449,13 @@ static int SCP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
 return WS_FATAL_ERROR;
 }
+ /* set additional groups if needed */
+ if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+ pPasswd->pw_gid) != WS_SUCCESS) {
+ wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
+ ret = WS_FATAL_ERROR;
+ }
+
 if (ret == WS_SUCCESS) {
 error = SetupChroot(usrConf);
 if (error < 0) {
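Review bot: The comments `/* saved gid */` and `/* saved uid */` on the new `sGid`/`sUid` fields are easy to misread as the POSIX saved set-group-ID and set-user-ID, which is not what the later hunks store in them. They are filled from `getgid()`/`getuid()` and handed to `setegid()`/`seteuid()`, so a comment such as `/* daemon's gid when the auth context was created; restored by wolfSSHD_AuthRaisePermissions */` would say what they hold. Declaring them `gid_t`/`uid_t` instead of `int` would match what those calls return and accept, although the neighbouring `gid`/`uid` fields use `int` as well.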
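Review bot: `auth->sGid = getgid();` and `auth->sUid = getuid();` record the real IDs, but wolfSSHD_AuthRaisePermissions later passes them to `setegid()`/`seteuid()`, which change the effective IDs. If the daemon can ever start with effective IDs that differ from its real ones, the raise would land on a different identity from the one it was running with; `auth->sGid = getegid();` and `auth->sUid = geteuid();` would capture exactly what is restored. If the real IDs are intended, a one-line comment saying so would keep the next reader from wondering. The enclosing function starts and ends outside this hunk.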
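Review bot: When `setegid(auth->sGid)` fails, the code still goes on to call `seteuid(auth->sUid)`, so the function can return WS_FATAL_ERROR with the uid raised and the gid left as it was. Making the second test `else if (seteuid(auth->sUid) != 0) {` would stop at the first failure and leave the process in a known state. Since the target is no longer a fixed 0, the function's header comment and the "raise permissions" log text would also benefit from saying that the IDs captured in wolfSSHD_AuthCreateUser are restored, which is not root when the daemon is started unprivileged. The function body begins and ends outside this hunk.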
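Review bot: The same seven-line `wolfSSHD_AuthSetGroups` block is added here in SCP_Subsystem and again in the SFTP_Subsystem and SHELL_Subsystem hunks, so the three copies can drift apart, and the SHELL copy already differs in how its failure is handled. A small static helper would keep the call and its error log in one place, and each subsystem would then only assign its result to `ret`. The helper's comment is also the natural place to record that the call has to run while the process can still change its supplementary groups, presumably before the permission drop that happens outside these hunks. The helper name below is only a suggestion.

```c
/* Set the supplementary groups of the authenticated user. Must run while the
 * process is still allowed to change its group list. */
static int SetUserGroups(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh, gid_t gid)
{
    if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh), gid)
            != WS_SUCCESS) {
        wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
        return WS_FATAL_ERROR;
    }
    return WS_SUCCESS;
}

/* … unchanged: permission raise at the top of SCP_Subsystem … */
    if (SetUserGroups(conn, ssh, pPasswd->pw_gid) != WS_SUCCESS) {
        ret = WS_FATAL_ERROR;
    }
```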
@@ -522,6 +529,13 @@ static int SFTP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
 return WS_FATAL_ERROR;
 }
+ /* set additional groups if needed */
+ if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+ pPasswd->pw_gid) != WS_SUCCESS) {
+ wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
+ ret = WS_FATAL_ERROR;
+ }
+
 if (ret == WS_SUCCESS) {
 error = SetupChroot(usrConf);
 if (error == 1) {
@@ -707,6 +721,13 @@ static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
 signal(SIGINT, SIG_DFL);
 signal(SIGCHLD, SIG_DFL);
+ /* set additional groups if needed */
+ if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+ pPasswd->pw_gid) != WS_SUCCESS) {
+ wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
+ ret = WS_FATAL_ERROR;
+ }
+
 rc = SetupChroot(usrConf);
 if (rc < 0) {
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting chroot");
@@ -995,15 +1016,6 @@ static void* HandleConnection(void* arg)
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error getting user info");
 ret = WS_FATAL_ERROR;
 }
-
- /* set additional groups if needed */
- if (ret != WS_FATAL_ERROR &&
- wolfSSHD_AuthSetGroups(conn->auth, usr, pPasswd->pw_gid) !=
- WS_SUCCESS) {
-
- wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
- ret = WS_FATAL_ERROR;
- }
 }
 if (ret != WS_FATAL_ERROR) {
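Review bot: In SHELL_Subsystem a failed `wolfSSHD_AuthSetGroups` only sets `ret = WS_FATAL_ERROR`, and the next visible line, `rc = SetupChroot(usrConf);`, runs regardless, unlike the SCP and SFTP hunks where the following step is guarded by `if (ret == WS_SUCCESS)`. Unless `ret` is checked further down, outside this hunk, the shell could be started with whatever supplementary groups the process already had rather than the user's own. Guarding the chroot with `if (ret == WS_SUCCESS) {` and making sure the later steps stop on `ret != WS_SUCCESS` would make the failure fatal here as it is in the other two subsystems.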