diff --git a/servers/avfs/exec.c b/servers/avfs/exec.c
index 7c00d3f32..3f6e4a7e2 100644
--- a/servers/avfs/exec.c
+++ b/servers/avfs/exec.c
@@ -179,7 +179,7 @@ PUBLIC int pm_exec(int proc_e, char *path, vir_bytes path_len, char *frame,
 
 	if ((vp->v_mode & I_TYPE) != I_REGULAR)
 		r = ENOEXEC;
-	else if ((r1 = forbidden(vp, X_BIT)) != OK)
+	else if ((r1 = forbidden(fp, vp, X_BIT)) != OK)
 		r = r1;
 	else
 		r = req_stat(vp->v_fs_e, vp->v_inode_nr, VFS_PROC_NR,
diff --git a/servers/avfs/link.c b/servers/avfs/link.c
index dc51c2d57..4dc72b4b3 100644
--- a/servers/avfs/link.c
+++ b/servers/avfs/link.c
@@ -66,7 +66,7 @@ PUBLIC int do_link()
   if (vp->v_fs_e != dirp->v_fs_e)
 	r = EXDEV;
   else
-	r = forbidden(dirp, W_BIT | X_BIT);
+	r = forbidden(fp, dirp, W_BIT | X_BIT);
 
   if (r == OK)
 	r = req_link(vp->v_fs_e, dirp->v_inode_nr, fullpath,
@@ -117,7 +117,7 @@ PUBLIC int do_unlink()
   }
 
   /* The caller must have both search and execute permission */
-  if ((r = forbidden(dirp, X_BIT | W_BIT)) != OK) {
+  if ((r = forbidden(fp, dirp, X_BIT | W_BIT)) != OK) {
 	unlock_vnode(dirp);
 	unlock_vmnt(vmp);
 	put_vnode(dirp);
@@ -243,8 +243,8 @@ PUBLIC int do_rename()
   if (old_dirp->v_fs_e != new_dirp->v_fs_e) r = EXDEV;
 
   /* Parent dirs must be writable, searchable and on a writable device */
-  if ((r1 = forbidden(old_dirp, W_BIT|X_BIT)) != OK ||
-      (r1 = forbidden(new_dirp, W_BIT|X_BIT)) != OK) r = r1;
+  if ((r1 = forbidden(fp, old_dirp, W_BIT|X_BIT)) != OK ||
+      (r1 = forbidden(fp, new_dirp, W_BIT|X_BIT)) != OK) r = r1;
 
   if (r == OK) {
 	tll_upgrade(&oldvmp->m_lock); /* Upgrade to exclusive access */
@@ -289,7 +289,7 @@ PUBLIC int do_truncate()
   if ((vp = eat_path(&resolve, fp)) == NULL) return(err_code);
 
   /* Ask FS to truncate the file */
-  if ((r = forbidden(vp, W_BIT)) == OK)
+  if ((r = forbidden(fp, vp, W_BIT)) == OK)
 	r = truncate_vnode(vp, m_in.flength);
 
   unlock_vnode(vp);
@@ -366,7 +366,7 @@ PUBLIC int do_slink()
 
   if ((vp = last_dir(&resolve, fp)) == NULL) return(err_code);
 
-  if ((r = forbidden(vp, W_BIT|X_BIT)) == OK) {
+  if ((r = forbidden(fp, vp, W_BIT|X_BIT)) == OK) {
 	r = req_slink(vp->v_fs_e, vp->v_inode_nr, fullpath, who_e,
 		      m_in.name1, m_in.name1_length - 1, fp->fp_effuid,
 		      fp->fp_effgid);
diff --git a/servers/avfs/open.c b/servers/avfs/open.c
index e3cbf4470..d0c652108 100644
--- a/servers/avfs/open.c
+++ b/servers/avfs/open.c
@@ -139,13 +139,13 @@ PUBLIC int common_open(char path[PATH_MAX], int oflags, mode_t omode)
   /* Only do the normal open code if we didn't just create the file. */
   if (exist) {
 	/* Check protections. */
-	if ((r = forbidden(vp, bits)) == OK) {
+	if ((r = forbidden(fp, vp, bits)) == OK) {
 		/* Opening reg. files, directories, and special files differ */
 		switch (vp->v_mode & I_TYPE) {
 		   case I_REGULAR:
 			/* Truncate regular file if O_TRUNC. */
 			if (oflags & O_TRUNC) {
-				if ((r = forbidden(vp, W_BIT)) != OK)
+				if ((r = forbidden(fp, vp, W_BIT)) != OK)
 					break;
 				truncate_vnode(vp, 0);
 			}
@@ -351,7 +351,7 @@ PRIVATE struct vnode *new_node(struct lookup *resolve, int oflags, mode_t bits)
 
 	lock_vnode(vp, VNODE_OPCL);
 
-	if ((r = forbidden(dirp, W_BIT|X_BIT)) != OK ||
+	if ((r = forbidden(fp, dirp, W_BIT|X_BIT)) != OK ||
 	    (r = req_create(dirp->v_fs_e, dirp->v_inode_nr,bits, fp->fp_effuid,
 			    fp->fp_effgid, path, &res)) != OK ) {
 		/* Can't create inode either due to permissions or some other
@@ -530,7 +530,7 @@ PUBLIC int do_mknod()
   /* Make sure that the object is a directory */
   if ((vp->v_mode & I_TYPE) != I_DIRECTORY) {
 	r = ENOTDIR;
-  } else if ((r = forbidden(vp, W_BIT|X_BIT)) == OK) {
+  } else if ((r = forbidden(fp, vp, W_BIT|X_BIT)) == OK) {
 	r = req_mknod(vp->v_fs_e, vp->v_inode_nr, fullpath, fp->fp_effuid,
 		      fp->fp_effgid, bits, m_in.mk_z0);
   }
@@ -566,7 +566,7 @@ PUBLIC int do_mkdir()
   /* Make sure that the object is a directory */
   if ((vp->v_mode & I_TYPE) != I_DIRECTORY) {
 	r = ENOTDIR;
-  } else if ((r = forbidden(vp, W_BIT|X_BIT)) == OK) {
+  } else if ((r = forbidden(fp, vp, W_BIT|X_BIT)) == OK) {
 	r = req_mkdir(vp->v_fs_e, vp->v_inode_nr, fullpath, fp->fp_effuid,
 		      fp->fp_effgid, bits);
   }
diff --git a/servers/avfs/path.c b/servers/avfs/path.c
index d33f711a8..a6945458f 100644
--- a/servers/avfs/path.c
+++ b/servers/avfs/path.c
@@ -795,7 +795,7 @@ size_t pathlen;
   if ((vp = eat_path(&resolve, rfp)) == NULL) return(err_code);
 
   /* check permissions */
-  r = forbidden(vp, (R_BIT | W_BIT));
+  r = forbidden(rfp, vp, (R_BIT | W_BIT));
 
   unlock_vnode(vp);
   unlock_vmnt(vmp);
diff --git a/servers/avfs/protect.c b/servers/avfs/protect.c
index 45df97349..04325c614 100644
--- a/servers/avfs/protect.c
+++ b/servers/avfs/protect.c
@@ -198,7 +198,7 @@ PUBLIC int do_access()
 	return(err_code);
   if ((vp = eat_path(&resolve, fp)) == NULL) return(err_code);
 
-  r = forbidden(vp, m_in.mode);
+  r = forbidden(fp, vp, m_in.mode);
 
   unlock_vnode(vp);
   unlock_vmnt(vmp);
@@ -211,7 +211,7 @@ PUBLIC int do_access()
 /*===========================================================================*
  *				forbidden				     *
  *===========================================================================*/
-PUBLIC int forbidden(struct vnode *vp, mode_t access_desired)
+PUBLIC int forbidden(struct fproc *rfp, struct vnode *vp, mode_t access_desired)
 {
 /* Given a pointer to an vnode, 'vp', and the access desired, determine
  * if the access is allowed, and if not why not.  The routine looks up the
@@ -228,8 +228,8 @@ PUBLIC int forbidden(struct vnode *vp, mode_t access_desired)
 
   /* Isolate the relevant rwx bits from the mode. */
   bits = vp->v_mode;
-  uid = (call_nr == ACCESS ? fp->fp_realuid : fp->fp_effuid);
-  gid = (call_nr == ACCESS ? fp->fp_realgid : fp->fp_effgid);
+  uid = (call_nr == ACCESS ? rfp->fp_realuid : rfp->fp_effuid);
+  gid = (call_nr == ACCESS ? rfp->fp_realgid : rfp->fp_effgid);
 
   if (uid == SU_UID) {
 	/* Grant read and write permission.  Grant search permission for
diff --git a/servers/avfs/proto.h b/servers/avfs/proto.h
index e0a815293..432ef3a52 100644
--- a/servers/avfs/proto.h
+++ b/servers/avfs/proto.h
@@ -210,7 +210,8 @@ _PROTOTYPE( int do_access, (void)					);
 _PROTOTYPE( int do_chmod, (void)					);
 _PROTOTYPE( int do_chown, (void)					);
 _PROTOTYPE( int do_umask, (void)					);
-_PROTOTYPE( int forbidden, (struct vnode *vp, mode_t access_desired)	);
+_PROTOTYPE( int forbidden, (struct fproc *rfp, struct vnode *vp,
+			    mode_t access_desired)			);
 _PROTOTYPE( int read_only, (struct vnode *vp)				);
 
 /* read.c */
diff --git a/servers/avfs/stadir.c b/servers/avfs/stadir.c
index ec8920b71..bc49bf9c4 100644
--- a/servers/avfs/stadir.c
+++ b/servers/avfs/stadir.c
@@ -111,7 +111,7 @@ struct vnode *vp;		/* this is what the inode has to become */
   if ((vp->v_mode & I_TYPE) != I_DIRECTORY)
 	r = ENOTDIR;
   else
-	r = forbidden(vp, X_BIT);	/* Check if dir is searchable*/
+	r = forbidden(fp, vp, X_BIT);	/* Check if dir is searchable*/
   if (r != OK) return(r);
 
   /* Everything is OK.  Make the change. */
diff --git a/servers/avfs/time.c b/servers/avfs/time.c
index 77892808d..29b84e320 100644
--- a/servers/avfs/time.c
+++ b/servers/avfs/time.c
@@ -45,7 +45,7 @@ PUBLIC int do_utime()
   /* Only the owner of a file or the super user can change its name. */
   r = OK;
   if (vp->v_uid != fp->fp_effuid && fp->fp_effuid != SU_UID) r = EPERM;
-  if (m_in.utime_length == 0 && r != OK) r = forbidden(vp, W_BIT);
+  if (m_in.utime_length == 0 && r != OK) r = forbidden(fp, vp, W_BIT);
   if (read_only(vp) != OK) r = EROFS; /* Not even su can touch if R/O */
   if (r == OK) {
 	/* Issue request */