I'm not sure that I see how this would solve the original problem.
   Namely, how to safely open an arbitrary file with the original user's
   creditials while running at elevated priviledge.  The above mechanism
   requires a central daemon to do something, which strikes me as adding
   a lot of hair to the system.
   
   I'd still like to know why code like the following won't work.
   
   	euid = geteuid();
   	seteuid(getuid());
   	<stuff>
   	seteuid(euid);
   
   See my previous message for the details as to why I think this will
   work.


you are forgetting the presence of the setr*id(2) calls, which introduce
a number of other scenarios that i believe fail (in NetBSD, these are
real system calls not library functions as in 4.4BSD).