diff --git a/Userland/passwd.cpp b/Userland/passwd.cpp
index e131081d3e..5e9ed17e4b 100644
--- a/Userland/passwd.cpp
+++ b/Userland/passwd.cpp
@@ -39,7 +39,7 @@ int main(int argc, char** argv)
 return 1;
 }
- if (pledge("stdio wpath rpath cpath tty", nullptr) < 0) {
+ if (pledge("stdio wpath rpath cpath tty id", nullptr) < 0) {
 perror("pledge");
 return 1;
 }
@@ -86,6 +86,27 @@ int main(int argc, char** argv)
 return 1;
 }
+ // Drop privileges after opening all the files through the Core::Account object.
+ auto gid = getgid();
+ if (setresgid(gid, gid, gid) < 0) {
+ perror("setresgid");
+ return 1;
+ }
+
+ auto uid = getuid();
+ if (setresuid(uid, uid, uid) < 0) {
+ perror("setresuid");
+ return 1;
+ }
+
+ // Make sure /etc/passwd is open and ready for reading, then we can drop a bunch of pledge promises.
+ setpwent();
+
+ if (pledge("stdio tty", nullptr) < 0) {
+ perror("pledge");
+ return 1;
+ }
+
 // target_account is the account we are changing the password of.
 auto target_account = account_or_error.value();
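Review bot: The widened promise string on the first `pledge()` call carries no comment explaining why `id` is now granted, and nothing inside this hunk uses it. Someone auditing the sandbox would want a line above the call such as `// "id" is needed only for the setresgid()/setresuid() privilege drop below; the second pledge() removes it again.` The enclosing `main` starts and ends outside the hunk.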
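Review bot: `setpwent()` returns nothing, so if it fails to open /etc/passwd the code still proceeds to `pledge("stdio tty", nullptr)` and gives up `rpath`; a later passwd lookup would then fail inside the tightened sandbox instead of here with a clear error. If this libc sets errno on failure (not visible from the hunk), the call could be guarded as `errno = 0; setpwent(); if (errno != 0) { perror("setpwent"); return 1; }`. The first added comment also depends on Core::Account keeping its files open for the later write, because `wpath`/`cpath` and the elevated ids are all gone after this block; spelling out that dependency in the comment would protect the invariant when Core::Account changes. `main` begins before and continues past this hunk.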