We only set the real euid, not the effective one. This is not a security issue as this is *only* used in the quota code, and only between code that brackets it with save_re_uid()/restore_re_uid(), Also this is not used on most platforms (we use USE_SETREUID by preference) but it's better to have this right. Patches for 3.6.next and 3.5.next to follow. Jeremy.
Created attachment 7694 [details] git am fix that applies to 3.6.next and 3.5.next.
Re-assigning to Karolin for inclusion in 3.5.next and 3.6.next. Cheers, Jeremy.
Pushed to v3-6-test and v3-5-test. Closing out bug report. Thanks!