diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index ee5f8d81..14e30789 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -1029,7 +1029,7 @@ static int curl_download_internal_sandboxed(alpm_handle_t *handle,
 			_alpm_log(handle, ALPM_LOG_ERROR, _("could not chdir to download directory %s\n"), localpath);
 			ret = -1;
 		} else {
-			ret = alpm_sandbox_child(handle->sandboxuser);
+			ret = alpm_sandbox_setup_child(handle->sandboxuser);
 			if (ret != 0) {
 				_alpm_log(handle, ALPM_LOG_ERROR, _("switching to sandbox user '%s' failed!\n"), handle->sandboxuser);
 				_Exit(2);
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index ba5e1f5d..2cf56bf1 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -218,7 +218,7 @@ static char *get_tempfile(const char *path, const char *filename)
  * - not thread-safe
  * - errno may be set by fork(), pipe(), or execvp()
  */
-static int systemvp(const char *file, char *const argv[])
+static int systemvp(const char *file, char *const argv[], const char *sandboxuser)
 {
 	int pid, err = 0, ret = -1, err_fd[2];
 	sigset_t oldblock;
@@ -245,6 +245,14 @@ static int systemvp(const char *file, char *const argv[])
 		sigaction(SIGQUIT, &oldquit, NULL);
 		sigprocmask(SIG_SETMASK, &oldblock, NULL);
 
+		if (sandboxuser) {
+			ret = alpm_sandbox_setup_child(sandboxuser);
+			if (ret != 0) {
+				pm_printf(ALPM_LOG_ERROR, _("switching to sandbox user '%s' failed!\n"), sandboxuser);
+				_Exit(ret);
+			}
+		}
+
 		execvp(file, argv);
 
 		/* execvp failed, pass the error back to the parent */
@@ -355,7 +363,7 @@ static int download_with_xfercommand(void *ctx, const char *url,
 			free(cmd);
 		}
 	}
-	retval = systemvp(argv[0], (char**)argv);
+	retval = systemvp(argv[0], (char**)argv, config->sandboxuser);
 
 	if(retval == -1) {
 		pm_printf(ALPM_LOG_WARNING, _("running XferCommand: fork failed!\n"));