From the course: Complete Guide to Linux Security: Protecting Your Linux Server Environment
Principle of least privilege - Linux Tutorial
Principle of least privilege
- The principle of least privilege is an important concept in computer security. It states that user accounts and processes should only receive the privileges that are essential to their work or to their functionality. While processes and code are extremely important, what we're really concerned with in this lesson is users. Users should be able to do their work with as few privileges as possible. The term least privilege applies to the operating system, to applications, to other users, to the network, and especially to data.

Take a look at this figure. Here we see that we have a user account, user@debian-containers, and the user has issued the ssh command and is attempting to ssh into a system with the IP address 10.0.2.78, but they're trying to ssh in as root. And that is a red flag right there. Generally, we don't want to ssh into systems as root because, one, you're going to get full access to that system right off the bat. And two, you may be transmitting information about the root account through that ssh tunnel, which we also don't want to do. So that's a definite red flag. Now, in some cases, when you first set up a server, for example a cloud-based server, you have to connect as root the first time. But it's a good idea to disable that functionality right away and then use another superuser account as time goes on.

Now, the other thing I see here is that this user account is just named user. I am using some computers running Linux that have a user account called user, and that's fine for educational purposes or testing. But in a real environment, this is a red flag. User accounts should follow a real naming convention, for example firstname_lastname, or firstname.lastname, or something similar to that. This is just user. Who is that? So it's a little bit fishy. And also, why is this user account allowed to work on a system with containers? And especially, why is this user account trying to connect directly as root?
So we don't want this. Ultimately, what we should see in the example is an "Access Denied" message of some sort, like you see in the slide here. You might see "Permission Denied", "Not a member of sudo", et cetera.

So let's show an example of this right now on our Debian client. Here you can see the two terminals that I had open previously. On the right side, we have user@deb-client. That is a regular user. Let's run an administrative command. I'm going to run an apt update and press Enter, and we'll go full screen on that terminal. Look what happens. First of all, it doesn't work. And if you look here, we get a red E, and that stands for error: "Could not open lock file", "Permission denied". So there's that message, and there's an example of the principle of least privilege. By default, this user account cannot run administrative commands. The user account cannot get access to the files necessary to do what needs to be done to make an apt update work. However, if we're working as the root account and we do an apt update, that will function. Anything you do as root automatically will function, because root has full power, as we mentioned before.

For the user account, this will not work. Two things need to happen for it to work. First, the user account has to be a member of sudoers. And second, the user account would have to type the sudo command before this command. So we'd have to precede our command with sudo for that to actually function. And we'll show more about that as we move through the lesson.

So a user that doesn't need access shouldn't get access. To make this so, we need to configure the system properly. Luckily, Linux has lots of built-in security controls, but we can make it better, and that's what we'll be doing during this course. In an upcoming sub-lesson, we'll use the id command to check the privileges of users. Remember to apply the principle of least privilege to everything you do in the computer field.
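The two controls the lesson points at (root ssh login disabled, and only the intended accounts in the sudo group) can be checked from the host's own config files. The script below is an added example written for this page, not the course's own code; it reads from files passed as arguments so it runs here against constructed samples and, on a real Debian host, against /etc/ssh/sshd_config and /etc/group. The account name jane.doe is a constructed value.

```shell
#!/bin/sh
# Least-privilege audit helpers (constructed example, not the course's code).
# Each function takes a file path, so it works on constructed samples here
# and on /etc/ssh/sshd_config and /etc/group on a real host.

# permit_root_login FILE -> effective PermitRootLogin value.
# sshd honours the first uncommented occurrence; if none is present the
# compiled-in default is "prohibit-password". (Match blocks are not handled.)
permit_root_login() {
  val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
  printf '%s\n' "${val:-prohibit-password}"
}

# sudo_members GROUPFILE -> comma-separated members of the "sudo" group,
# the group Debian's default sudoers file grants full sudo rights to.
sudo_members() {
  awk -F: '$1 == "sudo" { print $4; exit }' "$1"
}

# can_sudo USER GROUPFILE -> exit 0 if USER is listed in the sudo group.
can_sudo() {
  sudo_members "$2" | tr ',' '\n' | grep -qxF "$1"
}

# audit SSHDCONF GROUPFILE -> prints the two checks the lesson cares about.
audit() {
  rl=$(permit_root_login "$1")
  if [ "$rl" = "no" ]; then
    echo "OK: root cannot log in over ssh"
  else
    echo "FINDING: PermitRootLogin is '$rl'; set 'PermitRootLogin no'"
  fi
  echo "sudo group members: $(sudo_members "$2")"
}

# Constructed sample files standing in for the real ones.
tmpdir=$(mktemp -d)
cat > "$tmpdir/sshd_config" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication no
EOF
cat > "$tmpdir/group" <<'EOF'
root:x:0:
sudo:x:27:jane.doe
user:x:1000:
EOF
audit "$tmpdir/sshd_config" "$tmpdir/group"
```

Against the sample, the audit flags the root ssh login and shows that the plain "user" account is not in the sudo group, which is exactly the state the apt update failure above demonstrates.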