Understanding Least Privilege
One of the most fundamental concepts of security, especially on multiuser systems such as Unix, is the concept of least privilege. Least privilege dictates that users should have only the privileges they need to perform their daily tasks and nothing more. Users with more privileges than they really need are likely to abuse those privileges and end up doing more damage than good.
For example, if your Oracle DBA needs to reboot the database servers every once in a while, giving him or her the root password to the database server would seem like a logical action. However, possession of the root password gives the DBA an extraordinary amount of additional power—much more power than is necessary to simply reboot a server. ...
Get Unix® System Management Primer Plus now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
