Every user who can log in on the system is identified by a unique number called the user ID. Each process has an effective user ID which says which user’s access permissions it has.
Users are classified into groups for access control purposes. Each process has one or more group ID values which say which groups the process can use for access to files.
The effective user and group IDs of a process collectively form its persona. This determines which files the process can access. Normally, a process inherits its persona from the parent process, but under special circumstances a process can change its persona and thus change its access permissions.
Each file in the system also has a user ID and a group ID. Access control works by comparing the user and group IDs of the file with those of the running process.
The system keeps a database of all the registered users, and another database of all the defined groups. There are library functions you can use to examine these databases.