What's the purpose of each of the different UIDs a process can have?

Question

Real UID, effective UID, and some systems even have a \"saved UID\". What\'s the purpose of all these, especially the last one?

Answer 1

In addition to the real, effective, and saved UIDs, Unix systems with auditing enabled also have the audit UID. A process's AUID identifies the user who started the process; it is not changed by setuid(2) or seteuid(2). The intent is that it remains constant through the process and is used only to tag audit records. Thus, if a user executes a privileged shell (even an authorized user via su or sudo), the audit records of that process are tagged from that user.