Unix provides a simplified version of the Multics access control mechanism
to change the access rights of a process dynamically.
A process can switch between user and kernel mode.
in user mode,
a process executing with the access rights of one user,
executes a file owned by another user
gets the access rights of the second user if a bit
(called SETUID) in the object file
This feature supports rights amplification and easily handles the
The mail program is owned by root and has its SETUID bit on.
the command interpreter subprocess forked to process the `mail command'
executes the mail program it acquires the access rights of root and
can create/modify a file (owned by the receiver) in the directory