Every user who can log in on the system is identified by a unique number
called the user ID. Each process has an effective user ID which
says which user's access permissions it has.
Users are classified into groups for access control purposes. Each
process has one or more group ID values which say which groups the
process can use for access to files.
The effective user and group IDs of a process collectively form its
persona. This determines which files the process can access.
Normally, a process inherits its persona from the parent process, but
under special circumstances a process can change its persona and thus
change its access permissions.
Each file in the system also has a user ID and a group ID. Access
control works by comparing the user and group IDs of the file with those
of the running process.
The system keeps a database of all the registered users, and another
database of all the defined groups. There are library functions you
can use to examine these databases.