I had hoped the attached quick hack would fix my issue when testing
with the attached vm-image config from
<https://lists.gnu.org/archive/html/guix-devel/2019-11/msg00421.html>.
That is, I wanted it to suffice to set Gitolite’s umask to #o0027 as
described in the manual instead of #o0022, after I do `usermod -aG git
fcgiwrap`.  But instead I get “Operation not permitted” error from
setgroups.  I will try again later with the position of setuid and
setgroups call swapped.

The hack makes make-forkexec-constructor use the supplementary groups
from the user.  Systemd uses them by default.  However they should be
made more configurable.

Regards,
Florian