diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
index 4e6b185a..aad55a2c 100644
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@@ -1122,6 +1122,38 @@ int wolfSSHD_AuthReducePermissions(WOLFSSHD_AUTH* auth)
 return ret;
 }
 
+
+/* sets the extended groups the user is in, returns WS_SUCCESS on success */
+int wolfSSHD_AuthSetGroups(const WOLFSSHD_AUTH* auth, const char* usr,
+ WGID_T gid)
+{
+ int grpListSz = 0;
+ gid_t* grpList = NULL;
+ int ret = WS_SUCCESS;
+
+ /* should return -1 if grpListSz is smaller than actual groups */
+ if (getgrouplist(usr, gid, NULL, &grpListSz) == -1) {
+ grpList = (gid_t*)WMALLOC(sizeof(gid_t) * grpListSz, auth->heap,
+ DYNTYPE_SSHD);
+ if (grpList == NULL) {
+ ret = WS_MEMORY_E;
+ }
+ else {
+ if (getgrouplist(usr, gid, grpList, &grpListSz)
+ != grpListSz) {
+ ret = WS_FATAL_ERROR;
+ }
+ else {
+ setgroups(grpListSz, grpList);
+ }
+ WFREE(grpList, auth->heap, DYNTYPE_SSHD);
+ }
+ }
+
+ return ret;
+}
+
+
 /* return the time in seconds for grace timeout period */
 long wolfSSHD_AuthGetGraceTime(const WOLFSSHD_AUTH* auth)
 {
diff --git a/apps/wolfsshd/auth.h b/apps/wolfsshd/auth.h
index c4c288d8..fc868576 100644
--- a/apps/wolfsshd/auth.h
+++ b/apps/wolfsshd/auth.h
@@ -62,6 +62,8 @@ int wolfSSHD_AuthReducePermissions(WOLFSSHD_AUTH* auth);
 int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth);
 int wolfSSHD_AuthReducePermissionsUser(WOLFSSHD_AUTH* auth, WUID_T uid,
 WGID_T gid);
+int wolfSSHD_AuthSetGroups(const WOLFSSHD_AUTH* auth, const char* usr,
+ WGID_T gid);
 long wolfSSHD_AuthGetGraceTime(const WOLFSSHD_AUTH* auth);
 WOLFSSHD_CONFIG* wolfSSHD_AuthGetUserConf(const WOLFSSHD_AUTH* auth,
 const char* usr, const char* host,
diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c
index 6e5cd797..ff1e1084 100644
--- a/apps/wolfsshd/wolfsshd.c
+++ b/apps/wolfsshd/wolfsshd.c
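Review bot: The result of `setgroups(grpListSz, grpList);` in the inner else branch is discarded, so a failing call (EPERM when the caller is no longer privileged, or a list longer than the platform's NGROUPS_MAX) leaves ret at WS_SUCCESS and both callers in wolfsshd.c go on to drop uid/gid while the process keeps the supplementary groups it inherited from the daemon. Check it like the other calls in the function: `if (setgroups(grpListSz, grpList) != 0) { ret = WS_FATAL_ERROR; }`. The function also returns WS_SUCCESS without ever calling setgroups when the probe `getgrouplist(usr, gid, NULL, &grpListSz)` does not return -1; glibc returns -1 for a zero-sized probe, but that behaviour is not uniform across libc implementations and a probe that leaves grpListSz at 0 would also make the WMALLOC size 0, so either treat a non -1 probe as an error or state the assumption in the comment above it. The header comment should also say that the function must run before privileges are dropped, since setgroups needs CAP_SETGID, which is what the ordering at both call sites relies on.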
@@ -490,6 +490,12 @@ static int SFTP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
 }
 }
 
+ /* set additional groups if needed */
+ if (ret == WS_SUCCESS) {
+ ret = wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+ pPasswd->pw_gid);
+ }
+
 if (wolfSSHD_AuthReducePermissionsUser(conn->auth, pPasswd->pw_uid,
 pPasswd->pw_gid) != WS_SUCCESS) {
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user ID");
@@ -668,6 +674,13 @@ static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
 }
 }
 
+ /* set additional groups if needed */
+ if ( wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+ pPasswd->pw_gid) != WS_SUCCESS) {
+ wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user groups");
+ return WS_FATAL_ERROR;
+ }
+
 if (wolfSSHD_AuthReducePermissionsUser(conn->auth, pPasswd->pw_uid,
 pPasswd->pw_gid) != WS_SUCCESS) {
 wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user ID");
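Review bot: On the SFTP path a failure from `wolfSSHD_AuthSetGroups` is only recorded in ret and never logged, and control falls straight through to wolfSSHD_AuthReducePermissionsUser; whether a non-success ret aborts the session later is outside the hunk (SFTP_Subsystem begins before it), so as written the subsystem may keep running as the target uid with the supplementary groups the daemon had. The SHELL_Subsystem hunk at +674 handles the same call by logging and returning WS_FATAL_ERROR; the SFTP path should fail the same way, e.g. `wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user groups");` followed by an early return when `ret != WS_SUCCESS`, so the two subsystems cannot diverge on a privilege-setup error. Both hunks also pass `wolfSSH_GetUsername(ssh)` directly into getgrouplist; if that accessor can return NULL at this point, a NULL check before the call is worth adding since getgrouplist on a NULL name is undefined.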
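Review bot: Style: `if ( wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),` carries a stray space after the opening parenthesis that the neighbouring wolfSSHD_AuthReducePermissionsUser call does not use; drop it. The new `return WS_FATAL_ERROR;` only matches the existing "Error setting user ID" handling if that branch returns the same way, which is cut off at the end of the hunk; if it releases a pty or descriptors before returning, the new early return should do the same rather than leave them to the caller. SHELL_Subsystem begins before the hunk.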