Proper chowning procedure

If a program running as root should open a file as another user, don't play stat() and chown() games, instead

fork
have child process setgid/setuid to the target user
open file normally (using O_EXCL is still important)

This requires no checks whatsoever in your code - if the user can open it, it works.  If the user shouldn't be able to, it won't.  No need to chown() the file, etc.