Hi,

playing around a bit with setgroups(2), I noticed that it cannot be used 
by an unprivileged user to drop group membership, since the getgroups(2) 
system call is restricted to users with the proper privileges. This is a 
common behavior among NetBSD, Linux, Solaris, IRIX, and probably many more.

So how can I drop the membership to additional groups?

Roland