The Principle of Least Privilege
The principle of “least privilege” mandates that a process should have the lowest level of privilege needed to accomplish its task. For application software, this never includes running as root (UNIX/Linux) or Administrator (Windows). Anything these applications need to do, they can do as nonadministrative users.
I’ve seen Windows servers left logged in as Administrator for weeks at a time—with remote desktop access—because that’s what some piece of software required. (This particular package also was not able to run as an NT service, so it was essentially just a Windows desktop application left running for a long time. That is not what I call data center ready!)
Software that requires execution as root is ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access