In Unix, when exec
If Real user ID is not same with file owner, and Set user ID bit is on, then, effective user id is changed to file owner's, and saved set user ID too.
Because Effective user ID is copied to Saved set user ID when exec.
At this moment, Why saved set userID is needed?
Because of security problem? if it is right, especially what case?
Having a saved user id allows you to drop your privileges (by switching the effective uid to the real one) and then regain them (by switching the effective uid to the saved one) only when needed.
When files are accessed, the system looks at the process's effective UID, its set of GIDs and matches those to the file permissions (and possibly the ACLs on the file).
When files are created, the system looks at the same process values when deciding whether the file can be created, but uses the effective UID to set the UID on the file, and uses either the effective GID or the directory's GID (if the SGID bit is set on the directory, or if you are on MacOS X).
The access() system call checks whether the real UID and real GID (instead of the effective UID and GID) can access the file.
If you have a SUID (setuid) program, then it can use its EUID to access files that it would otherwise not be accessible to its users. However, if it wants to create a file on behalf of the user (the RUID of the person running it), then it needs to drop the SUID privilege so the EUID is the same as the RUID. Once upon not so very long ago, once you dropped the SUID privilege, it was lost for good; you could not get it back. The saved UID value allows you to switch back, which simplifies management of privileges for SUID programs.
