Why not do a setuid(getuid()) immediately after forking and before the exec() ? The user in the subshell will get his own uid as the effective uid. When the subshell is terminated, you're back in the game with the suid.