Unix provides a simplified version of the Multics access control mechanism
to change the access rights of a process dynamically.
A process can switch between user and kernel mode.
Moreover, in user mode, a process executing with the access rights of one
user that executes a file owned by another user gets the access rights of
the second user if a bit (called SETUID) in the object file is on.
This feature supports rights amplification and easily handles the
mail example.
The mail program is owned by root and has its SETUID bit on.
When the command interpreter subprocess forked to process the `mail command'
executes the mail program, it acquires the access rights of root and
can create/modify a file (owned by the receiver) in the directory
`/usr/spool/mail'.