Securing an Ubuntu system includes setting up user accounts with passwords and setting permissions on files and directories, which are part of discretionary access controls (DAC). However, these methods are no longer considered enough to properly secure a server. You also need to implement mandatory access controls (MAC), which allow or block user and application access to data. Software that implements MAC on a system typically uses what is called least privilege. This means applications and users are provided access to only the data needed to accomplish their defined tasks.

The least privilege principal actually goes a bit deeper by giving users and applications only the privileges they need to complete ...