diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-21 14:20:31.773602653 +0200
+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 14:21:12.302160125 +0200
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -303,6 +304,23 @@ static int private_dir(pam_handle_t *pam
 return 1;
 }
 if (pid == 0) {
+ /* explicitely change group to ecryptfs if user is member of that group, changing uid is not enough */
+ errno=0;
+ struct group *efsg = getgrnam("ecryptfs");
+ if (efsg==NULL && errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m");
+ else
+ {
+ while (*efsg->gr_mem)
+ {
+ if (!strcmp(*efsg->gr_mem, pwd->pw_name))
+ {
+ if (setgid(efsg->gr_gid)<0) syslog(LOG_ERR, "Unable to change group to ecryptfs : %m");
+ break;
+ }
+ efsg->gr_mem++;
+ }
+ }
+
 if (mount == 1) {
 if ((asprintf(&recorded,
 "%s/.ecryptfs/.wrapped-passphrase.recorded",
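Review bot: In the block added to the child branch of private_dir, `getgrnam("ecryptfs")` returning NULL with errno still 0 (the group simply does not exist) skips the syslog and falls into the `else`, where `*efsg->gr_mem` dereferences a NULL pointer. Test the pointer on its own and log only when errno is set, e.g. `if (efsg == NULL) { if (errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m"); } else {`. A failed `setgid()` is only logged, so the child carries on with its previous group; since this is a privilege change inside a PAM module, the child should probably stop there instead of continuing, and the call only works if it runs before the uid is dropped, which happens outside this hunk and cannot be confirmed from here. Walking a local `char **m = efsg->gr_mem` instead of advancing `efsg->gr_mem` itself would also leave the struct returned by getgrnam() unmodified.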