diff --git a/fst/sandbox.go b/fst/sandbox.go
index aaa018b..fc12da4 100644
--- a/fst/sandbox.go
+++ b/fst/sandbox.go
@@ -47,7 +47,7 @@ type SandboxConfig struct {
 // SandboxSys encapsulates system functions used during the creation of [bwrap.Config].
 type SandboxSys interface {
- Geteuid() int
+ Getuid() int
 Paths() Paths
 ReadDir(name string) ([]fs.DirEntry, error)
 EvalSymlinks(path string) (string, error)
@@ -73,7 +73,7 @@ func (s *SandboxConfig) Bwrap(sys SandboxSys, uid *int) (*bwrap.Config, error) {
 } else {
 // some programs fail to connect to dbus session running as a different uid, so a separate workaround
 // is introduced to map priv-side caller uid in namespace
- *uid = sys.Geteuid()
+ *uid = sys.Getuid()
 }
 conf := (&bwrap.Config{
diff --git a/internal/app/app_stub_test.go b/internal/app/app_stub_test.go
index 262055f..be49617 100644
--- a/internal/app/app_stub_test.go
+++ b/internal/app/app_stub_test.go
@@ -17,7 +17,8 @@ type stubNixOS struct {
 usernameErr map[string]error
 }
-func (s *stubNixOS) Geteuid() int { return 1971 }
+func (s *stubNixOS) Getuid() int { return 1971 }
+func (s *stubNixOS) Getgid() int { return 100 }
 func (s *stubNixOS) TempDir() string { return "/tmp" }
 func (s *stubNixOS) MustExecutable() string { return "/run/wrappers/bin/fortify" }
 func (s *stubNixOS) Exit(code int) { panic("called exit on stub with code " + strconv.Itoa(code)) }
diff --git a/internal/sys/interface.go b/internal/sys/interface.go
index 0d2ebaf..935cee5 100644
--- a/internal/sys/interface.go
+++ b/internal/sys/interface.go
@@ -12,8 +12,10 @@ import (
 // State provides safe interaction with operating system state.
 type State interface {
- // Geteuid provides [os.Geteuid].
- Geteuid() int
+ // Getuid provides [os.Getuid].
+ Getuid() int
+ // Getgid provides [os.Getgid].
+ Getgid() int
 // LookupEnv provides [os.LookupEnv].
 LookupEnv(key string) (string, bool)
 // TempDir provides [os.TempDir].
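Review bot: In fst/sandbox.go, `*uid = sys.Getuid()` in the else branch of Bwrap now maps the real uid, but the comment above it still says only "priv-side caller uid" and does not record why the real id is wanted over the effective one. If the binary is started through a setuid wrapper (the test stub's executable path under /run/wrappers hints at this, but nothing here shows it), the two ids differ and this line decides which identity is mapped into the namespace. I would add `// real uid of the invoking user; differs from the effective uid when started setuid` above the assignment. Bwrap's body begins and ends outside the hunk, so the other uses of `uid` are not visible here.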
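Review bot: In internal/sys/interface.go, the State doc comments read only `Getuid provides [os.Getuid]`, which leaves the real-versus-effective distinction this commit depends on for the reader to look up. Both visible callers use the value as an identity (the uid mapping in fst/sandbox.go and the share path in CopyPaths), so I would write `// Getuid provides [os.Getuid], the real user id of the calling process.` and the same wording for Getgid. Getgid has no caller in the hunks shown, so its intended use should be stated in the comment or the commit description.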
@@ -47,7 +49,7 @@ type State interface {
 // CopyPaths is a generic implementation of [System.Paths].
 func CopyPaths(os State, v *fst.Paths) {
- v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Geteuid()))
+ v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Getuid()))
 fmsg.Verbosef("process share directory at %q", v.SharePath)
diff --git a/internal/sys/std.go b/internal/sys/std.go
index 132f4c1..5e63396 100644
--- a/internal/sys/std.go
+++ b/internal/sys/std.go
@@ -31,7 +31,8 @@ type Std struct {
 uidMu sync.RWMutex
 }
-func (s *Std) Geteuid() int { return os.Geteuid() }
+func (s *Std) Getuid() int { return os.Getuid() }
+func (s *Std) Getgid() int { return os.Getgid() }
 func (s *Std) LookupEnv(key string) (string, bool) { return os.LookupEnv(key) }
 func (s *Std) TempDir() string { return os.TempDir() }
 func (s *Std) LookPath(file string) (string, error) { return exec.LookPath(file) }
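Review bot: `v.SharePath` in CopyPaths is a predictable name (`fortify.<uid>`) under `os.TempDir()`, and TempDir follows `$TMPDIR`, so both the parent directory and the final name can be known or influenced by other local users. The code that creates the directory is outside this hunk. It should create it with mode 0700 and, if the path already exists, refuse to use it unless it is a real directory (not a symlink) owned by the expected uid. A comment such as `// SharePath is predictable; the creator must verify owner and mode before use` would keep that requirement visible. Because the suffix changes from the effective to the real uid, any share directory left over under the old name is orphaned wherever the two ids differ.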