I wanted to reliably temporarily or permanently drop privileges from
Ruby so I tried porting the code in …

http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

But rapidly found that…
a) They strongly recommend you use setresuid/getresuid
b) Ruby strangely enough has setresuid but not getresuid.

Any idea why?

Anyhoo, here is a crude sudo based hack around…

module Privilege

def Privilege::drop_privilege_temporarily(&block)
   # Doesn't look like we've been sudone... So do nothing...
   if ENV.has_key? "SUDO_UID"
      block.call
      return
   end

   sudo_uid = ENV["SUDO_UID"].to_i

   current_uid = Process::Sys::geteuid

   begin
      Process::Sys::seteuid( sudo_uid)
      block.call

   ensure
      Process::Sys::seteuid( current_uid)
   end
end

end

p Process::Sys::geteuid

Privilege::drop_privilege_temporarily do

p Process::Sys::geteuid

end

p Process::Sys::geteuid

John C. Phone : (64)(3) 358 6639
Tait Electronics Fax : (64)(3) 359 4632
PO Box 1645 Christchurch Email : [email protected]
New Zealand