I am upgrading an older SuSE-13.2 box to Leap. I have done a fresh Leap-15.0
install and ported over the source code that we ran on the 13.2 box. It builds
fine but I am having an issue. The program is/has to be an suid pgm. It also
uses fork/execvpe/wait to execute some external scripts. And that is where my
problem lies. The user is a member of several groups but these group
memberships seem to disappear when these external scripts are executed. For
instance the user is a member of the cdrom group so he can eject and work with
a DVD. I have created a simple example script and source for a pgm that
execvpe's that script which shows my problem.

test.sh script:
#!/bin/sh

whoami

id

test.c pgm source:

#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
        char *path = getenv("PATH");
        char  pathenv[strlen(path) + sizeof("PATH=")];
        sprintf(pathenv, "PATH=%s", path);
        char *envp[] = {pathenv, NULL};
        char *tests[] = {"./test.sh", NULL};
        execvpe(tests[0], tests, envp);
}

#cc  test.c
#/a.out

markh

uid=5076(markh) gid=100(users)
groups=100(users),19(floppy),200(lcrs),484(tape),485(lp),488(disk),489(dialout),490(cdrom)



Then as root:
#chown root ./a.out
#chgrp root ./a.out
#chmod +s ./a.out

Then as user
#./a.out

markh

uid=5076(markh) gid=100(users) groups=100(users)

Once the pgm is owned by root and suid, I lose all my group memberships for
some unknown reason. It is not proper to me.

This all works fine on 13.2 but does not on Leap 15 or Leap 42.3. Is there some
security setting somewhere that broke this?