When mount.ecrpytfs_private calls set setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. Reference: https://launchpad.net/bugs/830850
Created attachment 519393 [details] proposed patch
Public now via Ubuntu advisory: http://www.ubuntu.com/usn/usn-1196-1/
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:1241 https://rhn.redhat.com/errata/RHSA-2011-1241.html