Move initgroups() for -U option into display_privs() so group matching

in sudoers works correctly.

parse.c

@@ -213,6 +213,19 @@ display_privs(pw)
     struct userspec *us;
     struct cmndtag tags;
 
+#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
+    /* Set group vector so group matching works correctly. */
+    if (pw != sudo_user.pw) {
+       (void) initgroups(pw->pw_name, pw->pw_gid);
+       if ((user_ngroups = getgroups(0, NULL)) > 0) {
+	   user_groups = erealloc3(user_groups, user_ngroups, sizeof(gid_t));
+	   if (getgroups(user_ngroups, user_groups) < 0)
+	       log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
+       } else
+	   user_ngroups = 0;
+    }
+#endif
+
     display_defaults(pw);
 
     print_priv4("\n", "User ", pw->pw_name,

sudo.c

@@ -872,10 +872,6 @@ parse_args(argc, argv)
 		    usage(1);
 		if ((list_pw = sudo_getpwnam(NewArgv[1])) == NULL)
 		    errorx(1, "unknown user %s", NewArgv[1]);
-#ifdef HAVE_INITGROUPS
-		/* Set group vector so group matching works correctly. */
-		(void) initgroups(list_pw->pw_name, list_pw->pw_gid);
-#endif
 		NewArgc--;
 		NewArgv++;
 		break;