data/xfce4-screensaver.system-auth | 3 +++
src/setuid.c | 9 ++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/data/xfce4-screensaver.system-auth b/data/xfce4-screensaver.system-auth
index 2c264c4..5be6cb3 100644
--- a/data/xfce4-screensaver.system-auth
+++ b/data/xfce4-screensaver.system-auth
@@ -1,2 +1,5 @@
 auth include system-auth
 -auth optional pam_gnome_keyring.so
+account required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
diff --git a/src/setuid.c b/src/setuid.c
index 8aeb7cd..b119c57 100644
--- a/src/setuid.c
+++ b/src/setuid.c
@@ -15,6 +15,7 @@
 #include
+#define _GNU_SOURCE /* for setresgid()/setresuid() */
 #include /* for getgrgid() and struct group */
 #include /* for getpwnam() and struct passwd */
 #include
@@ -72,16 +73,18 @@ set_ids_by_number (uid_t uid,
 if (gid == (gid_t) -1) gid = (gid_t) -2;
 if (uid == (uid_t) -1) uid = (uid_t) -2;
+/*
 errno = 0;
 if (setgroups (1, &gid) < 0)
 sgs_errno = errno ? errno : -1;
+*/
 errno = 0;
- if (setgid (gid) != 0)
+ if (setresgid (gid, gid, gid) != 0)
 gid_errno = errno ? errno : -1;
 errno = 0;
- if (setuid (uid) != 0)
+ if (setresuid (uid, uid, uid) != 0)
 uid_errno = errno ? errno : -1;
 if (uid_errno == 0 && gid_errno == 0 && sgs_errno == 0) {
@@ -202,7 +205,7 @@ hack_uid (char **nolock_reason,
 }
 gid = authg->gr_gid;
 #endif /* !HAVE_BSDAUTH */
- if (!set_ids_by_number (uid, gid, uid_message)) {
+ if (!set_ids_by_number (euid == 0 ? uid : euid, egid == 0 ? gid : egid, uid_message)) {
 reason = g_strdup ("unable to discard privileges.");
 ret = FALSE;
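Review bot: The three `pam_deny.so` stacks added in data/xfce4-screensaver.system-auth carry no explanation, and the `account` one can affect unlocking. If the screensaver's PAM code calls pam_acct_mgmt() and honours its result (that code is not on this page), `account required pam_deny.so` would make every unlock attempt fail even after a correct password, so this is worth confirming. I would add a comment above the new lines such as `# The screensaver only authenticates; deny account, password and session requests.` Going by the hunk counts (-1,2 +1,5), the `-auth optional pam_gnome_keyring.so` line is unchanged context, so the keyring module still runs in the auth stack.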
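Review bot: In the `@@ -15,6 +15,7 @@` hunk of src/setuid.c, `#define _GNU_SOURCE` is placed after at least one `#include`, and a feature-test macro only takes effect when it is defined before the first libc header is pulled in. The header names are not visible on this page, so if that earlier include (or anything on lines 1-14) reaches a system header, `setresgid()`/`setresuid()` may be left without a prototype. Moving the define to the very top of the file, or setting it from the build flags, removes the ordering dependency.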
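Review bot: Commenting out the `setgroups (1, &gid)` call in set_ids_by_number() means the supplementary group list is never reset. `setresgid()`/`setresuid()` do not touch that list, so a process started with root's groups keeps them after the drop, while `sgs_errno` stays 0 and the success path is taken. If the call was disabled because it fails with EPERM for an unprivileged caller, guard it rather than removing it: `if (geteuid () == 0 && setgroups (1, &gid) < 0)` followed by the existing `sgs_errno = errno ? errno : -1;`. The function body starts and ends outside the hunk, so whether the ids are read back afterwards to confirm the drop is not visible here.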
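Review bot: The new arguments in hack_uid(), `euid == 0 ? uid : euid` and `egid == 0 ? gid : egid`, need a comment stating the intent, because for a non-root effective id the call no longer discards anything. `euid` and `egid` are set outside the hunk. If they hold geteuid()/getegid(), a binary installed setgid to a privileged group would have that group made its real, effective and saved gid by `setresgid (gid, gid, gid)`, which keeps the privilege permanently instead of dropping it. If that is intended, say so in a comment above the call, since the "unable to discard privileges." message suggests otherwise; if not, the real ids look like the safer arguments.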