There are at least 6 different IDs associated with any given process. Because of this you have to be very careful with the access that your process has at any given time. In particular, all seteuid applications should give up their privileges as soon as it is no longer required.
The real user ID can only be changed by a superuser process. The login program sets this when a user initially logs in and it is seldom changed.
The effective user ID is set by the exec()
functions if
a program has its seteuid bit set. An application can call seteuid()
at any time to set the effective user ID to either the
real user ID or the saved set-user-ID. When the effective user ID is set by exec()
functions, the previous value is saved in the saved
set-user-ID.