diff --git a/doc/configuration.txt b/doc/configuration.txt
index 5117404cb..c88592a72 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -532,6 +532,8 @@ gid <number>
   Changes the process' group ID to <number>. It is recommended that the group
   ID is dedicated to HAProxy or to a small set of similar daemons. HAProxy must
   be started with a user belonging to this group, or with superuser privileges.
+  Note that if haproxy is started from a user having supplementary groups, it
+  will only be able to drop these groups if started with superuser privileges.
   See also "group" and "uid".
 
 group <group name>
diff --git a/src/haproxy.c b/src/haproxy.c
index 0d826d23f..4503a01c2 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -44,6 +44,7 @@
 #include <sys/resource.h>
 #include <time.h>
 #include <syslog.h>
+#include <grp.h>
 #ifdef USE_CPU_AFFINITY
 #define __USE_GNU
 #include <sched.h>
@@ -1416,10 +1417,16 @@ int main(int argc, char **argv)
 	 */
 
 	/* setgid / setuid */
-	if (global.gid && setgid(global.gid) == -1) {
-		Alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
-		protocol_unbind_all();
-		exit(1);
+	if (global.gid) {
+		if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
+			Warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
+				" without 'uid'/'user' is generally useless.\n", argv[0]);
+
+		if (setgid(global.gid) == -1) {
+			Alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
+			protocol_unbind_all();
+			exit(1);
+		}
 	}
 
 	if (global.uid && setuid(global.uid) == -1) {