Usually, a program runs with the same permissions as the user who is running it. The program can read or modify only the files which user is allowed to.
A process or program is something that is running. A process is started by the user. The question is what is a process allowed to do? Can a process do something that the user is not allowed to do? If so, then the user will create programs which can do anything. Therefore, the process is allowed to do only the things a owner of process can do. And who is the owner, the user that started the process.
What are the permissions of /etc/shadow file?
Taking you to the next exercise in seconds...