What's the purpose of each of the different UIDs a process can have?

Each UNIX process has 3 UIDs associated to it. Superuser privilege is UID=0.

Real UID

This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.

Effective UID

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.

Saved UID

If you run an executable with the set-UID bit set, then the resulting running process will start off with a real UID of the real user running it, and an effective and saved UID of the owner of the executable file. If the process then calls setuid() or seteuid() to change their effective UID, they can still get back their original privileges again thanks to the saved UID. If the set-UID bit is not set, SUID will be the RUID.

The real uid is the id of the user that launched a process.

The effective uid typically is the same as the real uid. It is different only if:

  • the executable had the set-uid bit set, and the executable owner is different than the user calling it

  • or if a set-uid process calls setuid(2). If the process has superuser privileges, any argument to setuid(2) is allowed (but then all *-uids get set to the same value); otherwise, setuid(2) can be called with the real-uid or the effective-uid or the saved-uid.

The saved-uid is the effective-uid the process had when it started, and it's saved in order to be allowed as an argument to the various set*uid system calls.

Note that a process with superuser privilege calling setuid(2) to change its effective uid will also have the real uid and saved uid changed to the same value, so the non-POSIX seteuid(2) should be used instead.

All of the above apply to (real|effective|saved) group ids too.

In addition to the real, effective, and saved UIDs, Unix systems with auditing enabled also have the audit UID. A process's AUID identifies the user who started the process; it is not changed by setuid(2) or seteuid(2). The intent is that it remains constant through the process and is used only to tag audit records. Thus, if a user executes a privileged shell (even an authorized user via su or sudo), the audit records of that process are tagged from that user.