Re: changing user mid-script

by kschwab (Vicar)
on Oct 10, 2001 at 02:14 UTC [id://117887]


in reply to changing user mid-script

There is a concept of both a "real" and "effective" uid in a process. Most things that a process does are done in the context of the "effective uid". ( For example, if you open a file, it will be owned by the effective uid).

If the process is running as the root user, it can change both its real and effective uid. The catch is, you can only change these if your "effective" uid is 0 (root).

So, yes, you can change them midstream, but your effective uid had to be '0' when you started, and you'll have to reset it back to '0' before you change it to something else. Further complicating the matter, you can't set it to '0' unless your real uid is '0'. Whee.

This means the script has to be run as root, either directly, or via setuid flags on the script. This can be dangerous. Caveat Emptor.

Items to peruse:

An example:

#!/usr/bin/perl -wT
#
# -T to set taint mode
use strict;

#
# setup ENV for taint mode
#
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = "/bin:/usr/bin";

#
# die unless the process is running with
# an effective uid of 0 (root)
#
die "Must run as root" unless ($> == 0);

#
# explicitly set real uid to 0 (root),
# so that we can switch effective uid at will
#
$< = 0;
if ($< != 0) {
    die "Couldn't set real uid to 0: $!\n";
}

if (my $id = getpwnam("http")) {
    # set the effective uid to http's uid
    $> = $id;
    if ($> != $id) { die "seteuid failed: $!\n" }
    # run the id shell command that lists uid, euid, etc.
    system("id");
}

if (my $otherid = getpwnam("nobody")) {
    # reset the effective uid to 0, or you won't be able to
    # set it to nobody's uid
    $> = 0;
    $> = $otherid;
    if ($> != $otherid) { die "seteuid failed: $!\n" }
    system("id");
}

Update: I was addressing the question rather directly (changing uids midway through a script). It's probably a better idea to use two different scripts, and something like sudo or super that would allow one user to run a script as another user. Setuid scripts should be a last resort.
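The kernel rules behind the note's "$<" and "$>" juggling, as an added example in C that is not part of the original post. Perl's "$>" assignment is seteuid(); the example shows the third credential slot, the saved set-user-ID, which is what lets a process that has switched its effective uid away from 0 switch back, and contrasts that temporary drop with a permanent one via setresuid(). It assumes Linux or a BSD (getresuid/setresuid), and that a "nobody" account exists for the demonstration when run as root; the helper names are the example's own.

```c
#define _GNU_SOURCE          /* getresuid/setresuid on glibc */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The three credential slots that decide who a process may become. */
struct cred_ids {
    uid_t real, effective, saved;
};

static int read_creds(struct cred_ids *c)
{
    return getresuid(&c->real, &c->effective, &c->saved);
}

/* Temporary drop: only the effective uid changes (Perl: $> = $id).
 * Real and saved uids keep their old values, so seteuid() back to
 * them is still permitted later.  A compromised process can undo it. */
static int drop_temporarily(uid_t target)
{
    return seteuid(target);
}

/* Permanent drop: real, effective AND saved all become target, so there
 * is no slot left that would authorise a later seteuid(0).
 * Returns 0 on success; -1 (errno set) on failure, including the case
 * where the kernel reports any slot still differing from target. */
static int drop_permanently(uid_t target)
{
    struct cred_ids c;
    if (setresuid(target, target, target) != 0)
        return -1;
    if (read_creds(&c) != 0)
        return -1;
    if (c.real != target || c.effective != target || c.saved != target) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* seteuid(x) is allowed when x equals the real or saved uid, or when the
 * effective uid is 0 -- so root can be regained iff some slot is 0. */
static int can_regain_root(void)
{
    struct cred_ids c;
    if (read_creds(&c) != 0)
        return 0;
    return c.effective == 0 || c.real == 0 || c.saved == 0;
}

static void show(const char *label)
{
    struct cred_ids c;
    if (read_creds(&c) == 0)
        printf("%-30s real=%u effective=%u saved=%u can_regain_root=%d\n",
               label, (unsigned)c.real, (unsigned)c.effective,
               (unsigned)c.saved, can_regain_root());
}

int main(void)
{
    struct passwd *pw = getpwnam("nobody");        /* assumed to exist */
    uid_t target = pw ? pw->pw_uid : getuid();

    show("at start");
    if (geteuid() != 0) {
        printf("not root: only a permanent drop to our own uid is possible\n");
        if (drop_permanently(getuid()) != 0)
            perror("setresuid");
        show("after drop_permanently(self)");
        return 0;
    }
    if (drop_temporarily(target) != 0)
        perror("seteuid");
    show("after drop_temporarily(target)");      /* root still regainable */
    if (seteuid(0) != 0)
        perror("seteuid(0)");
    show("after seteuid(0)");
    if (drop_permanently(target) != 0)
        perror("setresuid");
    show("after drop_permanently(target)");      /* root gone for good */
    if (seteuid(0) != 0)
        perror("seteuid(0) now fails, as intended");
    return 0;
}
```

Run it as root to watch the saved uid stay 0 across the temporary drop and disappear after the permanent one; run it unprivileged and seteuid(0) is refused from the start, which is the "effective uid had to be 0 when you started" condition in the note. If a script only needs reduced privileges for one step, the temporary form is what the note's Perl does; if it never needs root again, prefer the permanent form.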
