Module: Process::UID

Defined in:

process.c

Class Method Summary

• .Process::UID.change_privilege(user) ⇒ Integer

  Change the current process’s real and effective user ID to that specified by user.

• .eid ⇒ Object

  Returns the effective user ID for this process.

• .Process::UID.from_name(name) ⇒ Object

  Get the user ID by the name.

• .grant_privilege(id) ⇒ Object

  Set the effective user ID, and if possible, the saved user ID of the process to the given user.

• .Process::UID.re_exchange ⇒ Integer

  Exchange real and effective user IDs and return the new effective user ID.

• .Process::UID.re_exchangeable? ⇒ Boolean

  Returns true if the real and effective user IDs of a process may be exchanged on the current platform.

• .rid ⇒ Object

  Returns the (real) user ID of this process.

• .Process::UID.sid_available? ⇒ Boolean

  Returns true if the current platform has saved user ID functionality.

• .switch ⇒ Object

Instance Method Summary

• #Process::UID.change_privilege(user) ⇒ Integer private

  Change the current process’s real and effective user ID to that specified by user.

• #eid ⇒ Object private

  Returns the effective user ID for this process.

• #Process::UID.from_name(name) ⇒ Object private

  Get the user ID by the name.

• #grant_privilege(id) ⇒ Object private

  Set the effective user ID, and if possible, the saved user ID of the process to the given user.

• #Process::UID.re_exchange ⇒ Integer private

  Exchange real and effective user IDs and return the new effective user ID.

• #Process::UID.re_exchangeable? ⇒ Boolean private

  Returns true if the real and effective user IDs of a process may be exchanged on the current platform.

• #rid ⇒ Object private

  Returns the (real) user ID of this process.

• #Process::UID.sid_available? ⇒ Boolean private

  Returns true if the current platform has saved user ID functionality.

• #switch ⇒ Object private

Class Method Details

.Process::UID.change_privilege(user) ⇒ Integer

Change the current process’s real and effective user ID to that specified by user. Returns the new user ID. Not available on all platforms.

[Process.uid, Process.euid]          #=> [0, 0]
Process::UID.change_privilege(31)    #=> 31
[Process.uid, Process.euid]          #=> [31, 31]

Returns:

• (Integer)

# File 'process.c', line 6375

static VALUE
p_uid_change_privilege(VALUE obj, VALUE id)
{
    rb_uid_t uid;

    check_uid_switch();

    uid = OBJ2UID(id);

    if (geteuid() == 0) { /* root-user */
#if defined(HAVE_SETRESUID)
  if (setresuid(uid, uid, uid) < 0) rb_sys_fail(0);
  SAVED_USER_ID = uid;
#elif defined(HAVE_SETUID)
  if (setuid(uid) < 0) rb_sys_fail(0);
  SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
  if (getuid() == uid) {
      if (SAVED_USER_ID == uid) {
    if (setreuid(-1, uid) < 0) rb_sys_fail(0);
      }
      else {
    if (uid == 0) { /* (r,e,s) == (root, root, x) */
        if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
        if (setreuid(SAVED_USER_ID, 0) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0; /* (r,e,s) == (x, root, root) */
        if (setreuid(uid, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
    else {
        if (setreuid(0, -1) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0;
        if (setreuid(uid, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
      }
  }
  else {
      if (setreuid(uid, uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
  if (getuid() == uid) {
      if (SAVED_USER_ID == uid) {
    if (seteuid(uid) < 0) rb_sys_fail(0);
      }
      else {
    if (uid == 0) {
        if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0;
        if (setruid(0) < 0) rb_sys_fail(0);
    }
    else {
        if (setruid(0) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0;
        if (seteuid(uid) < 0) rb_sys_fail(0);
        if (setruid(uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
      }
  }
  else {
      if (seteuid(uid) < 0) rb_sys_fail(0);
      if (setruid(uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
#else
  (void)uid;
  rb_notimplement();
#endif
    }
    else { /* unprivileged user */
#if defined(HAVE_SETRESUID)
  if (setresuid((getuid() == uid)? (rb_uid_t)-1: uid,
          (geteuid() == uid)? (rb_uid_t)-1: uid,
          (SAVED_USER_ID == uid)? (rb_uid_t)-1: uid) < 0) rb_sys_fail(0);
  SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
  if (SAVED_USER_ID == uid) {
      if (setreuid((getuid() == uid)? (rb_uid_t)-1: uid,
       (geteuid() == uid)? (rb_uid_t)-1: uid) < 0)
    rb_sys_fail(0);
  }
  else if (getuid() != uid) {
      if (setreuid(uid, (geteuid() == uid)? (rb_uid_t)-1: uid) < 0)
    rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
  else if (/* getuid() == uid && */ geteuid() != uid) {
      if (setreuid(geteuid(), uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
      if (setreuid(uid, -1) < 0) rb_sys_fail(0);
  }
  else { /* getuid() == uid && geteuid() == uid */
      if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
      if (setreuid(SAVED_USER_ID, uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
      if (setreuid(uid, -1) < 0) rb_sys_fail(0);
  }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
  if (SAVED_USER_ID == uid) {
      if (geteuid() != uid && seteuid(uid) < 0) rb_sys_fail(0);
      if (getuid() != uid && setruid(uid) < 0) rb_sys_fail(0);
  }
  else if (/* SAVED_USER_ID != uid && */ geteuid() == uid) {
      if (getuid() != uid) {
    if (setruid(uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
      }
      else {
    if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
    if (setruid(uid) < 0) rb_sys_fail(0);
      }
  }
  else if (/* geteuid() != uid && */ getuid() == uid) {
      if (seteuid(uid) < 0) rb_sys_fail(0);
      if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
      if (setruid(uid) < 0) rb_sys_fail(0);
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#elif defined HAVE_44BSD_SETUID
  if (getuid() == uid) {
      /* (r,e,s)==(uid,?,?) ==> (uid,uid,uid) */
      if (setuid(uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#elif defined HAVE_SETEUID
  if (getuid() == uid && SAVED_USER_ID == uid) {
      if (seteuid(uid) < 0) rb_sys_fail(0);
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#elif defined HAVE_SETUID
  if (getuid() == uid && SAVED_USER_ID == uid) {
      if (setuid(uid) < 0) rb_sys_fail(0);
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#else
  rb_notimplement();
#endif
    }
    return id;
}

.euid ⇒ Integer .Process::UID.eid ⇒ Integer .Process::Sys.geteuid ⇒ Integer

Returns the effective user ID for this process.

Process.euid   #=> 501

Overloads:

• .euid ⇒ Integer

  Returns:

  • (Integer)
• .Process::UID.eid ⇒ Integer

  Returns:

  • (Integer)
• .Process::Sys.geteuid ⇒ Integer

  Returns:

  • (Integer)

# File 'process.c', line 7256

static VALUE
proc_geteuid(VALUE obj)
{
    rb_uid_t euid = geteuid();
    return UIDT2NUM(euid);
}

.Process::UID.from_name(name) ⇒ Object

Get the user ID by the name. If the user is not found, ArgumentError will be raised.

Process::UID.from_name("root") #=> 0
Process::UID.from_name("nosuchuser") #=> can't find user for nosuchuser (ArgumentError)

# File 'process.c', line 6064

static VALUE
p_uid_from_name(VALUE self, VALUE id)
{
    return UIDT2NUM(OBJ2UID(id));
}

.Process::UID.grant_privilege(user) ⇒ Integer .Process::UID.eid=(user) ⇒ Integer

Set the effective user ID, and if possible, the saved user ID of the process to the given user. Returns the new effective user ID. Not available on all platforms.

[Process.uid, Process.euid]          #=> [0, 0]
Process::UID.grant_privilege(31)     #=> 31
[Process.uid, Process.euid]          #=> [0, 31]

Overloads:

• .Process::UID.grant_privilege(user) ⇒ Integer

  Returns:

  • (Integer)
• .Process::UID.eid=(user) ⇒ Integer

  Returns:

  • (Integer)

# File 'process.c', line 7360

static VALUE
p_uid_grant_privilege(VALUE obj, VALUE id)
{
    rb_seteuid_core(OBJ2UID(id));
    return id;
}

.Process::UID.re_exchange ⇒ Integer

Exchange real and effective user IDs and return the new effective user ID. Not available on all platforms.

[Process.uid, Process.euid]   #=> [0, 31]
Process::UID.re_exchange      #=> 0
[Process.uid, Process.euid]   #=> [31, 0]

Returns:

• (Integer)

# File 'process.c', line 7532

static VALUE
p_uid_exchange(VALUE obj)
{
    rb_uid_t uid;
#if defined(HAVE_SETRESUID) || (defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID))
    rb_uid_t euid;
#endif

    check_uid_switch();

    uid = getuid();
#if defined(HAVE_SETRESUID) || (defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID))
    euid = geteuid();
#endif

#if defined(HAVE_SETRESUID)
    if (setresuid(euid, uid, uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    if (setreuid(euid,uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#else
    rb_notimplement();
#endif
    return UIDT2NUM(uid);
}

.Process::UID.re_exchangeable? ⇒ Boolean

Returns true if the real and effective user IDs of a process may be exchanged on the current platform.

Returns:

• (Boolean)

# File 'process.c', line 7507

static VALUE
p_uid_exchangeable(VALUE _)
{
#if defined(HAVE_SETRESUID)
    return Qtrue;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    return Qtrue;
#else
    return Qfalse;
#endif
}

.uid ⇒ Integer .Process::UID.rid ⇒ Integer .Process::Sys.getuid ⇒ Integer

Returns the (real) user ID of this process.

Process.uid   #=> 501

Overloads:

• .uid ⇒ Integer

  Returns:

  • (Integer)
• .Process::UID.rid ⇒ Integer

  Returns:

  • (Integer)
• .Process::Sys.getuid ⇒ Integer

  Returns:

  • (Integer)

# File 'process.c', line 6287

static VALUE
proc_getuid(VALUE obj)
{
    rb_uid_t uid = getuid();
    return UIDT2NUM(uid);
}

.Process::UID.sid_available? ⇒ Boolean

Returns true if the current platform has saved user ID functionality.

Returns:

• (Boolean)

# File 'process.c', line 7632

static VALUE
p_uid_have_saved_id(VALUE _)
{
#if defined(HAVE_SETRESUID) || defined(HAVE_SETEUID) || defined(_POSIX_SAVED_IDS)
    return Qtrue;
#else
    return Qfalse;
#endif
}

.switch ⇒ Object

# File 'process.c', line 7711

static VALUE
p_uid_switch(VALUE obj)
{
    rb_uid_t uid, euid;

    check_uid_switch();

    uid = getuid();
    euid = geteuid();

    if (uid == euid) {
  rb_syserr_fail(EPERM, 0);
    }
    p_uid_exchange(obj);
    if (rb_block_given_p()) {
  under_uid_switch = 1;
  return rb_ensure(rb_yield, Qnil, p_uid_sw_ensure, obj);
    }
    else {
  return UIDT2NUM(euid);
    }
}

Instance Method Details

#Process::UID.change_privilege(user) ⇒ Integer (private)

Change the current process’s real and effective user ID to that specified by user. Returns the new user ID. Not available on all platforms.

[Process.uid, Process.euid]          #=> [0, 0]
Process::UID.change_privilege(31)    #=> 31
[Process.uid, Process.euid]          #=> [31, 31]

Returns:

• (Integer)

# File 'process.c', line 6375

static VALUE
p_uid_change_privilege(VALUE obj, VALUE id)
{
    rb_uid_t uid;

    check_uid_switch();

    uid = OBJ2UID(id);

    if (geteuid() == 0) { /* root-user */
#if defined(HAVE_SETRESUID)
  if (setresuid(uid, uid, uid) < 0) rb_sys_fail(0);
  SAVED_USER_ID = uid;
#elif defined(HAVE_SETUID)
  if (setuid(uid) < 0) rb_sys_fail(0);
  SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
  if (getuid() == uid) {
      if (SAVED_USER_ID == uid) {
    if (setreuid(-1, uid) < 0) rb_sys_fail(0);
      }
      else {
    if (uid == 0) { /* (r,e,s) == (root, root, x) */
        if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
        if (setreuid(SAVED_USER_ID, 0) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0; /* (r,e,s) == (x, root, root) */
        if (setreuid(uid, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
    else {
        if (setreuid(0, -1) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0;
        if (setreuid(uid, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
      }
  }
  else {
      if (setreuid(uid, uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
  if (getuid() == uid) {
      if (SAVED_USER_ID == uid) {
    if (seteuid(uid) < 0) rb_sys_fail(0);
      }
      else {
    if (uid == 0) {
        if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0;
        if (setruid(0) < 0) rb_sys_fail(0);
    }
    else {
        if (setruid(0) < 0) rb_sys_fail(0);
        SAVED_USER_ID = 0;
        if (seteuid(uid) < 0) rb_sys_fail(0);
        if (setruid(uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
      }
  }
  else {
      if (seteuid(uid) < 0) rb_sys_fail(0);
      if (setruid(uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
#else
  (void)uid;
  rb_notimplement();
#endif
    }
    else { /* unprivileged user */
#if defined(HAVE_SETRESUID)
  if (setresuid((getuid() == uid)? (rb_uid_t)-1: uid,
          (geteuid() == uid)? (rb_uid_t)-1: uid,
          (SAVED_USER_ID == uid)? (rb_uid_t)-1: uid) < 0) rb_sys_fail(0);
  SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
  if (SAVED_USER_ID == uid) {
      if (setreuid((getuid() == uid)? (rb_uid_t)-1: uid,
       (geteuid() == uid)? (rb_uid_t)-1: uid) < 0)
    rb_sys_fail(0);
  }
  else if (getuid() != uid) {
      if (setreuid(uid, (geteuid() == uid)? (rb_uid_t)-1: uid) < 0)
    rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
  else if (/* getuid() == uid && */ geteuid() != uid) {
      if (setreuid(geteuid(), uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
      if (setreuid(uid, -1) < 0) rb_sys_fail(0);
  }
  else { /* getuid() == uid && geteuid() == uid */
      if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
      if (setreuid(SAVED_USER_ID, uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
      if (setreuid(uid, -1) < 0) rb_sys_fail(0);
  }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
  if (SAVED_USER_ID == uid) {
      if (geteuid() != uid && seteuid(uid) < 0) rb_sys_fail(0);
      if (getuid() != uid && setruid(uid) < 0) rb_sys_fail(0);
  }
  else if (/* SAVED_USER_ID != uid && */ geteuid() == uid) {
      if (getuid() != uid) {
    if (setruid(uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
      }
      else {
    if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
    if (setruid(uid) < 0) rb_sys_fail(0);
      }
  }
  else if (/* geteuid() != uid && */ getuid() == uid) {
      if (seteuid(uid) < 0) rb_sys_fail(0);
      if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
      if (setruid(uid) < 0) rb_sys_fail(0);
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#elif defined HAVE_44BSD_SETUID
  if (getuid() == uid) {
      /* (r,e,s)==(uid,?,?) ==> (uid,uid,uid) */
      if (setuid(uid) < 0) rb_sys_fail(0);
      SAVED_USER_ID = uid;
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#elif defined HAVE_SETEUID
  if (getuid() == uid && SAVED_USER_ID == uid) {
      if (seteuid(uid) < 0) rb_sys_fail(0);
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#elif defined HAVE_SETUID
  if (getuid() == uid && SAVED_USER_ID == uid) {
      if (setuid(uid) < 0) rb_sys_fail(0);
  }
  else {
      rb_syserr_fail(EPERM, 0);
  }
#else
  rb_notimplement();
#endif
    }
    return id;
}

#euid ⇒ Integer (private) #Process::UID.eid ⇒ Integer (private) #Process::Sys.geteuid ⇒ Integer (private)

Returns the effective user ID for this process.

Process.euid   #=> 501

Overloads:

• #euid ⇒ Integer

  Returns:

  • (Integer)
• #Process::UID.eid ⇒ Integer

  Returns:

  • (Integer)
• #Process::Sys.geteuid ⇒ Integer

  Returns:

  • (Integer)

# File 'process.c', line 7256

static VALUE
proc_geteuid(VALUE obj)
{
    rb_uid_t euid = geteuid();
    return UIDT2NUM(euid);
}

#Process::UID.from_name(name) ⇒ Object (private)

Get the user ID by the name. If the user is not found, ArgumentError will be raised.

Process::UID.from_name("root") #=> 0
Process::UID.from_name("nosuchuser") #=> can't find user for nosuchuser (ArgumentError)

# File 'process.c', line 6064

static VALUE
p_uid_from_name(VALUE self, VALUE id)
{
    return UIDT2NUM(OBJ2UID(id));
}

#Process::UID.grant_privilege(user) ⇒ Integer (private) #Process::UID.eid=(user) ⇒ Integer (private)

Set the effective user ID, and if possible, the saved user ID of the process to the given user. Returns the new effective user ID. Not available on all platforms.

[Process.uid, Process.euid]          #=> [0, 0]
Process::UID.grant_privilege(31)     #=> 31
[Process.uid, Process.euid]          #=> [0, 31]

Overloads:

• #Process::UID.grant_privilege(user) ⇒ Integer

  Returns:

  • (Integer)
• #Process::UID.eid=(user) ⇒ Integer

  Returns:

  • (Integer)

# File 'process.c', line 7360

static VALUE
p_uid_grant_privilege(VALUE obj, VALUE id)
{
    rb_seteuid_core(OBJ2UID(id));
    return id;
}

#Process::UID.re_exchange ⇒ Integer (private)

Exchange real and effective user IDs and return the new effective user ID. Not available on all platforms.

[Process.uid, Process.euid]   #=> [0, 31]
Process::UID.re_exchange      #=> 0
[Process.uid, Process.euid]   #=> [31, 0]

Returns:

• (Integer)

# File 'process.c', line 7532

static VALUE
p_uid_exchange(VALUE obj)
{
    rb_uid_t uid;
#if defined(HAVE_SETRESUID) || (defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID))
    rb_uid_t euid;
#endif

    check_uid_switch();

    uid = getuid();
#if defined(HAVE_SETRESUID) || (defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID))
    euid = geteuid();
#endif

#if defined(HAVE_SETRESUID)
    if (setresuid(euid, uid, uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    if (setreuid(euid,uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#else
    rb_notimplement();
#endif
    return UIDT2NUM(uid);
}

#Process::UID.re_exchangeable? ⇒ Boolean (private)

Returns true if the real and effective user IDs of a process may be exchanged on the current platform.

Returns:

• (Boolean)

# File 'process.c', line 7507

static VALUE
p_uid_exchangeable(VALUE _)
{
#if defined(HAVE_SETRESUID)
    return Qtrue;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    return Qtrue;
#else
    return Qfalse;
#endif
}

#uid ⇒ Integer (private) #Process::UID.rid ⇒ Integer (private) #Process::Sys.getuid ⇒ Integer (private)

Returns the (real) user ID of this process.

Process.uid   #=> 501

Overloads:

• #uid ⇒ Integer

  Returns:

  • (Integer)
• #Process::UID.rid ⇒ Integer

  Returns:

  • (Integer)
• #Process::Sys.getuid ⇒ Integer

  Returns:

  • (Integer)

# File 'process.c', line 6287

static VALUE
proc_getuid(VALUE obj)
{
    rb_uid_t uid = getuid();
    return UIDT2NUM(uid);
}

#Process::UID.sid_available? ⇒ Boolean (private)

Returns true if the current platform has saved user ID functionality.

Returns:

• (Boolean)

# File 'process.c', line 7632

static VALUE
p_uid_have_saved_id(VALUE _)
{
#if defined(HAVE_SETRESUID) || defined(HAVE_SETEUID) || defined(_POSIX_SAVED_IDS)
    return Qtrue;
#else
    return Qfalse;
#endif
}

#switch ⇒ Object (private)

# File 'process.c', line 7711

static VALUE
p_uid_switch(VALUE obj)
{
    rb_uid_t uid, euid;

    check_uid_switch();

    uid = getuid();
    euid = geteuid();

    if (uid == euid) {
  rb_syserr_fail(EPERM, 0);
    }
    p_uid_exchange(obj);
    if (rb_block_given_p()) {
  under_uid_switch = 1;
  return rb_ensure(rb_yield, Qnil, p_uid_sw_ensure, obj);
    }
    else {
  return UIDT2NUM(euid);
    }
}