I quite feel like setuid(2) kind of syscalls ought to be deprecated, it shouldn't be left to ~random system programs to provide a clean or even appropriate OS runtime.

Instead you probably should have something in the style of posix_spawn with few more parameters for say authentication results (ie. user login) or capabilities (ie. daemon with privilege separation).