diff --git a/lib/core/libwebsockets.c b/lib/core/libwebsockets.c
index a781b1b82..413bddffb 100644
--- a/lib/core/libwebsockets.c
+++ b/lib/core/libwebsockets.c
@@ -2894,6 +2894,13 @@ lws_finalize_startup(struct lws_context *context)
 	return 0;
 }
 
+LWS_VISIBLE LWS_EXTERN void
+lws_get_effective_uid_gid(struct lws_context *context, int *uid, int *gid)
+{
+	*uid = context->uid;
+	*gid = context->gid;
+}
+
 int
 lws_snprintf(char *str, size_t size, const char *format, ...)
 {
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 273f835e6..a68ec5d03 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -5930,6 +5930,21 @@ lws_get_parent(const struct lws *wsi);
 LWS_VISIBLE LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT
 lws_get_child(const struct lws *wsi);
 
+/**
+ * lws_get_effective_uid_gid() - find out eventual uid and gid while still root
+ *
+ * \param context: lws context
+ * \param uid: pointer to uid result
+ * \param gid: pointer to gid result
+ *
+ * This helper allows you to find out what the uid and gid for the process will
+ * be set to after the privileges are dropped, beforehand.  So while still root,
+ * eg in LWS_CALLBACK_PROTOCOL_INIT, you can arrange things like cache dir
+ * and subdir creation / permissions down /var/cache dynamically.
+ */
+LWS_VISIBLE LWS_EXTERN void
+lws_get_effective_uid_gid(struct lws_context *context, int *uid, int *gid);
+
 /**
  * lws_get_udp() - get wsi's udp struct
  *