>   If uid (of the mount_portal child) == 0, lower our credentials
>     (including setgroups()) to those of the calling process,
>     i.e., use the code as it is.
>   Else, if uid of the mount_portal child match uid of the calling
>     process, and gid of the mount_portal child is contained in the
>     calling process' pcr_groups, then simply continue (skip
>     seteuid, setgroups, and setegid calls).

Hmm.

Shouldn't/couldn't this be handled by making the directories within
the portal filesystem mode 0700 and owned by the user who mounted the
portal?

					- Bill