Super-user and Appropriate Privilege




Most UNIX users would expect the super-user mechanism to be the standardized POSIX privilege mechanism, but it is not. A goal in supporting privilege was that the base POSIX standard allow for the implementation of a mechanism that supports the least privilege concept described above. The super-user mechanism does not support this: it is a monolithic "all or nothing" approach to privilege. The only user with any privilege is the super-user (also known as "root", with a UID of 0), and that user has every privilege all of the time. Since this does not meet the goal of supporting least privilege, the super-user mechanism is not specified in the POSIX.1 standard. In fact no privilege mechanism at all is specified there. POSIX.1 defines only the concept of "appropriate privilege", used to mark those services (reached through the POSIX interfaces) that require privilege, and leaves the mechanism that grants it to the implementation. Any privilege mechanism can therefore satisfy POSIX.1, including the super-user. The intent, however, is that the least privilege mechanism specified by POSIX.6 be used where privilege is required, rather than the "all or nothing" super-user approach, which cannot express least privilege.

The features provided by the POSIX.6 standard with regard to privilege include the granularity of privilege, the time bounding of privilege, and privilege inheritance. A privilege mechanism that supports granularity allows a process to override only those security-relevant restrictions that are needed to perform its task. For example, a backup program needs to override only read restrictions on files, not the write or execute restrictions. Time bounding is related: the privileges an application or system process requires can be enabled just before they are needed and disabled as soon as they are no longer needed, so that a privilege is not live while the process does unrelated work. Privilege inheritance allows a process image to request that all, some, or none of its privileges be passed on to the next process image. For example, a program that executes other utilities need not pass on any privileges if the utility does not require them; a program that forgets to do so hands every child it runs the same privilege it holds itself.
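The three properties above can be seen in a concrete implementation. The following is an added example, not code from the original page: it uses Linux capabilities (one realisation of a fine-grained, POSIX.6-style privilege mechanism) to rebuild the backup-program case, keeping only the read-override capability (granularity), raising it into the effective set just around the file open (time bounding), and clearing the inheritable and ambient sets so that any child it executes starts with nothing (inheritance). It calls the raw capget/capset system calls so that it builds without libcap; the struct layouts and constants mirror <linux/capability.h>, and the helper names (`retain_only`, `cap_enable`, `holds`) are this example's own, not part of any standard.

```c
/* Added example (not from the original page): POSIX.6-style least privilege
 * shown with Linux capabilities. Raw capget/capset syscalls, no libcap.
 * Struct layouts and constants mirror <linux/capability.h>. Helper names are
 * this example's own. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CAP_VERSION_3       0x20080522u /* _LINUX_CAPABILITY_VERSION_3 */
#define CAP_U32S            2           /* two 32-bit words per set    */
#define CAP_DAC_OVERRIDE    1           /* bypass read/write/execute   */
#define CAP_DAC_READ_SEARCH 2           /* bypass read and search only */
#ifndef PR_CAP_AMBIENT                  /* older libc headers          */
#define PR_CAP_AMBIENT           47
#define PR_CAP_AMBIENT_CLEAR_ALL 4
#endif

struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };
struct caps     { struct cap_data w[CAP_U32S]; };
enum { SET_EFF, SET_PERM, SET_INH };

static uint32_t cap_bit(int cap) { return 1u << (cap % 32); }

static int caps_get(struct caps *c)
{
    struct cap_hdr h = { CAP_VERSION_3, 0 };      /* pid 0 = this thread */
    return syscall(SYS_capget, &h, c->w) == 0 ? 0 : -errno;
}

static int caps_set(const struct caps *c)
{
    struct cap_hdr h = { CAP_VERSION_3, 0 };
    return syscall(SYS_capset, &h, c->w) == 0 ? 0 : -errno;
}

/* 1 if cap is in the given set, 0 if not, negative errno on failure. */
static int holds(int cap, int set)
{
    struct caps c;
    int rc = caps_get(&c);
    if (rc) return rc;
    const struct cap_data *d = &c.w[cap / 32];
    uint32_t s = set == SET_EFF ? d->effective
               : set == SET_PERM ? d->permitted : d->inheritable;
    return (s & cap_bit(cap)) != 0;
}

/* Granularity + inheritance: keep only `cap` in the permitted set, clear the
 * effective set (nothing is live yet) and the inheritable and ambient sets,
 * so an execve()d child of a plain binary starts with no capabilities.
 * Shrinking sets never needs privilege, so this also succeeds for an
 * ordinary user whose sets are already empty. */
static int retain_only(int cap)
{
    struct caps c;
    int rc = caps_get(&c);
    if (rc) return rc;
    for (int i = 0; i < CAP_U32S; i++) {
        c.w[i].effective   = 0;
        c.w[i].inheritable = 0;
        c.w[i].permitted  &= (i == cap / 32) ? cap_bit(cap) : 0u;
    }
    rc = caps_set(&c);
    if (rc) return rc;
    /* Ambient set exists since Linux 4.3; EINVAL on older kernels is fine. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) != 0 &&
        errno != EINVAL)
        return -errno;
    return 0;
}

/* Time bounding: move `cap` into or out of the effective set so the privilege
 * is live only around the operation that needs it. -EPERM if not held. */
static int cap_enable(int cap, int on)
{
    struct caps c;
    int rc = caps_get(&c);
    if (rc) return rc;
    struct cap_data *d = &c.w[cap / 32];
    if (!(d->permitted & cap_bit(cap))) return -EPERM;
    if (on) d->effective |=  cap_bit(cap);
    else    d->effective &= ~cap_bit(cap);
    return caps_set(&c);
}

/* The page's backup case: read-only override, enabled just for the open(). */
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/shadow";
    if (retain_only(CAP_DAC_READ_SEARCH) != 0) { perror("retain_only"); return 1; }
    int fd = open(path, O_RDONLY);
    printf("without cap: open(%s) -> %s\n", path, fd >= 0 ? "ok" : "denied");
    if (fd >= 0) close(fd);
    int rc = cap_enable(CAP_DAC_READ_SEARCH, 1);
    if (rc == -EPERM) { puts("CAP_DAC_READ_SEARCH not held; run as root"); return 0; }
    fd = open(path, O_RDONLY);
    printf("with cap:    open(%s) -> %s\n", path, fd >= 0 ? "ok" : "denied");
    if (fd >= 0) close(fd);
    cap_enable(CAP_DAC_READ_SEARCH, 0);               /* privilege window closed */
    return 0;
}
```

Run it as root (or a user whose process already holds the capability) on a file the invoking identity cannot otherwise read; the first open fails because the capability is permitted but not effective, the second succeeds, and after the window closes a child started with execve() would inherit nothing because the inheritable and ambient sets are empty. Note that after `retain_only`, even a UID 0 process is subject to ordinary DAC checks except for the one override it kept, which is exactly the difference between this model and the super-user model of the previous paragraph.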






John Barkley
Fri Oct 7 16:17:21 EDT 1994