each user has a UID that identifies the user
each process has a PID
by default a process runs with the privileges of the user who started it
some executables have the SetUID (SUID) flag; a process started from one runs with the privileges of the file's owner, not of the user who started it
most system tools with the SUID flag run as root, but drop to a less privileged user soon after doing whatever requires root privilege
Default permission system - discretionary access control (DAC):
for files:
privilege (for owner, group and others):
privilege (shown with "stat filename"):
type (first field shown by ls -l):
for dirs:
ls -l
stat
chmod u=rw,g-w,o+w ...
chown
lsattr / chattr (gentoo)
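
Added example (not part of the original notes): a small audit that ties the SUID flag to the permission fields shown by stat and ls -l, run on constructed files in a temporary directory. The function names describe, audit and demo are hypothetical, and a stat that supports -c (GNU coreutils or busybox) is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.
# Assumes a stat that supports -c (GNU coreutils or busybox).

# describe FILE: print "<octal> <symbolic> <owner> <flags> <path>"
describe() {
    flags=none
    if [ -u "$1" ]; then flags=suid; fi          # test -u: set-user-ID bit is set
    if [ -g "$1" ]; then                         # test -g: set-group-ID bit is set
        if [ "$flags" = suid ]; then flags=suid+sgid; else flags=sgid; fi
    fi
    printf '%s %s %s\n' "$(stat -c '%a %A %U' "$1")" "$flags" "$1"
}

# audit DIR: describe every regular file under DIR that has SUID or SGID set
audit() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        describe "$f"
    done
}

# demo: constructed files showing symbolic chmod and the SUID bit
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/plain"
    : > "$d/tool"
    chmod 644 "$d/plain"
    chmod u=rw,g-w,o+w "$d/plain"   # symbolic clauses are comma-separated; 644 becomes 646
    chmod 4755 "$d/tool"            # leading 4 sets SUID; ls -l / stat show rws for the owner
    echo "single file:"
    describe "$d/plain"
    echo "SUID/SGID files under $d:"
    audit "$d"
    rm -rf "$d"
}

demo
```

Pointing audit at / on a real system lists the SUID/SGID binaries on the root filesystem; any entry that is owned by root and not expected there is worth checking.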