Why don't you just set the uid and gid bits before execl'ing the shell? ie: setgid(getgid()&IDMASK); setuid(getuid()&IDMASK); execl(sh == NULL ? "/bin/sh" : sh, "sh", "-i", 0); perror("No shell."); exit(-1); it seems a lot better than kacking your kernel. laura creighton utzoo!utcsstat!laura