What is “Least Privilege”?
Secure your server using the Principle of Least Privilege (PoLP). Learn how restricting user access prevents malware and how to manage file permissions.
Least Privilege refers to the term Principle of Least Privilege (PoLP). The principle states that every process, user, or program, must be able to access only the information and resources necessary for its purpose. This principle comes in handy when granting permissions to users and processes on your server. When you set permissions, you can identify the functions a user or process needs in order to complete their tasks, without allowing them access to other files and programs running on the server they don’t need access to.
Why use Least Privilege?
- It’s hard to compromise what you don’t have access to.
- Less likely for accidental deletion or manipulation of scripts, code, and files.
- Helps in the classification of data, by using privilege to classify your data, you know what data is available and who has access to it.
- Reduce the spread of malware. Malware tends to use the privilege of the user when they are tricked into installing or activating software. By keeping privileges strict, you prevent accidental downloading of malicious software.
- Guards against SQL injection, which exploits the lack of least privilege on applications. Making sure your applications have read-only permissions, you can guard against an attack by not allowing execution.
How to change file or folder permissions
You can change permissions for any user or program no matter the operating system you use. We’ve detailed how to manage your permissions in the following articles: