For the super user privilege control problem in system services, a user permission isolation method is proposed. Based on virtualization technology, the permission limited environments are constructed for different users. According to privilege sets, the users, mapping relations are built among users, isolated domains and program modules. Besides, the authors give an algorithm for division of program permissions based on concept lattices. And the security strategies are designed for different isolated domains. Finally, they propose the implications of least privilege, and prove that the method eliminates the potential privileged users in system services.