What is “Least Privilege”?
Least Privilege, or the Principle of Least Privilege (PoLP), ensures that each process, user, or program accesses only the information and resources essential for its purpose. This helps in setting server permissions, granting users and processes only the necessary functions to complete their tasks, without accessing other files and programs.
Least Privilege refers to the term Principle of Least Privilege (PoLP). The principle states that every process, user, or program, must be able to access only the information and resources necessary for its purpose. This principle comes in handy when granting permissions to users and processes on your server. When you set permissions, you can identify the functions a user or process needs in order to complete their tasks, without allowing them access to other files and programs running on the server they don’t need access to.
Why use Least Privilege?
- It’s hard to compromise what you don’t have access to.
- Less likely for accidental deletion or manipulation of scripts, code, and files.
- Helps in the classification of data, by using privilege to classify your data, you know what data is available and who has access to it.
- Reduce the spread of malware. Malware tends to use the privilege of the user when they are tricked into installing or activating software. By keeping privileges strict, you prevent accidental downloading of malicious software.
- Guards against SQL injection, which exploits the lack of least privilege on applications. Making sure your applications have read-only permissions, you can guard against an attack by not allowing execution.
How to change file or folder permissions
You can change permissions for any user or program no matter the operating system you use. We’ve detailed how to manage your permissions in the following articles: