Thanks Mamalos, your post was certainly thought provoking.
I'll try to clarify what I mean, although now that we know what Zytdar was looking for, it's quite moot.
I am *not* saying that any arbitrary user can be granted any root-like permission.
You are looking at only one facet of the traditional unix security model, and much of traditional unix security revolves around and is defined by access to files, pipes and devices. The first facet is indeed API level and is often root or nothing, although nothing in POSIX requires that exclusively. For instance Solaris is officially POSIX, and has a perhaps overly complicated RBAC. File permissions (standard, or ACL) are indeed a type of user privilege administered by the kernel, and dismissing them does not remove their importance whatsoever. Root is just a setuid away, anyway
.
Sure, I can't make my hypothetical "admin" user able to change network interfaces in the base system directly, but I can give him access to /etc and let him do many things indirectly, perhaps just permissions on the config file of a webserver he administrates. I could then give him permission to /usr/local/www, and allow him to administrate the contents of the web server he configured. Is he an admin? Yes. Is he some special POSIX creature, beyond a "user"? Absolutely not. Is the kernel letting him do things another user cannot? Yes.
We've essentially descended into semantics over the meaning of the word admin, and I ultimately retreat to the position (yours) that "admin" is not a defined role between user and root in the traditional unix security model. As a result it is "just" a word that could be used for one who has the privileges to administrate a system, whether they are root or user. Which is what I've been trying to say