I think this is completely wrong -- look at UAC on Windows, that works very well. Even if the machine is completely single-user, you don't want any program you run to be able to modify system files, etc. It is useful to manually grant elevated access if a program needs it, as then any downloaded code could install spyware, etc. On Windows (and on Linux), bypassing these mechanisms is certainly possible, but not trivial.

And that is good for the user.