-Each process in the system has associated with it two user-id's:
-a \fIreal user id\fP and a \fIeffective user id\fP, both 16 bit
-unsigned integers (type \fBuid_t\fP).
-Each process has an \fIreal accounting group id\fP and an \fIeffective
-accounting group id\fP and a set of
-\fIaccess group id's\fP. The group id's are 16 bit unsigned integers
-(type \fBgid_t\fP).
-Each process may be in several different access groups, with the maximum
-concurrent number of access groups a system compilation parameter,
-the constant NGROUPS in the file \fI<sys/param.h>\fP,
-guaranteed to be at least 8.
-.PP
-The real and effective user ids associated with a process are returned by:
+Each process in the system has associated with it three user IDs:
+a \fIreal user ID\fP, an \fIeffective user ID\fP, and a \fIsaved user ID\fP,
+all unsigned integral types (\fBuid_t\fP).
+Each process has a \fIreal group ID\fP
+and a set of \fIaccess group IDs\fP,
+the first of which is the \fIeffective group ID\fP.
+The group IDs are unsigned integral types (\fBgid_t\fP).
+Each process may be in multiple access groups.
+The maximum concurrent number of access groups is a system compilation
+parameter,
+represented by the constant NGROUPS in the file \fI<sys/param.h>\fP.
+It is guaranteed to be at least 16.
+.LP
+The real group ID is used in process accounting and in testing whether
+the effective group ID may be changed; it is not otherwise used for
+access control.
+The members of the access group ID set are used for access control.
+Because the first member of the set is the effective group ID, which
+is changed when executing a set-group-ID program, that element is normally
+duplicated in the set so that access privileges for the original group
+are not lost when using a set-group-ID program.
+.LP
+The real and effective user IDs associated with a process are returned by: