Comment 9 for bug 1871543

Knowing that --no-drop-privileges is related I was breaking that into sub-sections.

I set -O0 for better debugging.
Then I dropped code of the drop-priv section.

This section is it:
1755 if (setgroups(0, NULL) < 0 ||
1756 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
1757 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {
1758 r = -errno;
1759 syslog(LOG_ERR, "Failed to become %s: %s\n", username, strerror(errno));
1760 return r;
1761 }

All three work:
__GI_setgroups (n=0, groups=0x0)
__GI___setresgid (rgid=114, egid=114, sgid=114)
__GI___setresuid (ruid=109, euid=109, suid=109)

IDs match:

$ id 109
uid=109(rtkit) gid=114(rtkit) groups=114(rtkit)

So it is actually indeed user-related like https://bbs.archlinux.org/viewtopic.php?id=230079 was.

I see no difference in the user in my test system vs the failing one.