What is the principle of least privilege?
The principle of least privilege (PoLP; also known as the principle of least authority) is an important concept in computer security, promoting minimal user profile privileges on computers, based on users' job necessities. It can also be applied to processes on the computer; each system component or process should have the least authority necessary to perform its duties. This helps reduce the "attack surface" of the computer by eliminating unnecessary privileges that can result in network exploits and computer compromises. You can apply this principle to the computers you work on by ordinarily operating without administrative rights.
- For information about gaining administrative privilege on a
Windows computer, see User Account
- On Unix and Mac OS X computers, if you need
administrative access, you can use the
sucommand; see In Unix, what are the sudo and su commands?
Last modified on October 09, 2012.