diff -up ./util/Security.c.nprocs ./util/Security.c
--- ./util/Security.c.nprocs 2016-01-27 03:07:49.000000000 -0500
+++ ./util/Security.c 2016-02-22 20:30:06.153297256 -0500
@@ -31,6 +31,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -66,12 +67,17 @@ void Security_setUser(int uid,
 {
 int gidErrno = 0;
 int uidErrno = 0;
+ int setGroupErrno = 0;
+ pid_t groups[1];
 if (keepNetAdmin) {
 Setuid_preSetuid(alloc, eh);
 }
 if (gid && setgid(gid)) {
 gidErrno = errno;
 }
+ if (setgroups(0,groups)) {
+ setGroupErrno = errno;
+ }
 if (setuid(uid)) {
 // errno is global and could get overwritten by Setuid_postSetuid()
 uidErrno = errno;
@@ -85,6 +91,9 @@ void Security_setUser(int uid,
 if (uid != (int) getuid()) {
 Except_throw(eh, "Failed to set UID but seemed to succeed");
 }
+ if (setGroupErrno > 0) {
+ Except_throw(eh, "Failed to setgroups [%s]", strerror(setGroupErrno));
+ }
 if (gidErrno > 0) {
 Except_throw(eh, "Failed to set GID [%s]", strerror(gidErrno));
 }
@@ -119,8 +128,8 @@ void Security_nofiles(struct Except* eh)
 void Security_noforks(struct Except* eh)
 {
- if (setrlimit(RLIMIT_NPROC, &(struct rlimit){ 0, 0 })) {
- Except_throw(eh, "Failed to set fork limit to 0 [%s]", strerror(errno));
+ if (setrlimit(RLIMIT_NPROC, &(struct rlimit){ 1, 1 })) {
+ Except_throw(eh, "Failed to set process limit to 1 [%s]", strerror(errno));
 }
 }
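Review bot: The buffer passed to `setgroups` is declared as `pid_t groups[1]`, but the call takes a `const gid_t *`, and with a count of 0 the array is never read. Dropping the local and calling `if (setgroups(0, NULL)) {` removes the pointer-type mismatch and the uninitialized array. The placement between `setgid` and `setuid` looks right, since clearing supplementary groups presumably needs the privilege that `setuid` gives up; a one-line comment such as `// must run before setuid(): dropping supplementary groups needs privilege` would keep a later reorder from breaking it. The body of Security_setUser starts and ends outside this hunk.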
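Review bot: The new `setGroupErrno` throw makes a failed `setgroups` fatal, and that also covers a caller that is already unprivileged: there `setgroups` typically fails with EPERM while `setuid` to the current uid would still succeed, so a call that passed before this change may now throw. If failing closed is intended, say so at the check, for example `// fatal by design: otherwise the process keeps the caller's supplementary groups after setuid()`. Whether any caller invokes Security_setUser without privilege is not visible here, and the function continues outside the hunk.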
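Review bot: The limit in `Security_noforks` goes from 0 to 1 with no comment saying why, and a reader can take `{ 1, 1 }` to mean that one fork is allowed. On Linux RLIMIT_NPROC counts the processes and threads of the real UID, this one included, and it is not enforced for a privileged process, so the guarantee depends on this running as the unprivileged user. I would add above the call `// RLIMIT_NPROC counts this process too, so a limit of 1 still denies fork(); only effective once root has been dropped`, after confirming that behaviour on the supported platforms.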