Hi everyone. For a Linux project, I need to install a Linux environment to implement the principle of Least Privilege. I need to restrict users in their actions but let them do their job as, for instance:
- Ash is sysadmin and is in the sudo group: they can run any command as root and only they can create new users or manage rights on the files. However, they can delegate some well-controlled operations to the admin;
- Billy is admin: they need to help users to install software with the packet manager, control the web server, perform some check routine, fix some minor problems without asking Ash, control SNMP programs;
- Charlie is web admin: they need to manage the apache2 and MariaDB server, have access to the /etc/apache2 and /var/www directories, reload the apache2 configuration and so on;
- Denver is a regular user: they can play the minesweeper and browse the Internet.
The first idea that comes to my sick mind was to create user groups as:
- sudo
- admin
- web-admin
- installer
and restrict access to some commands to the groups in the sudoers file.
With those groups, we are able to control commands users use in the sudoer file, for instance:
%installer ALL=/usr/bin/apt
We also need to give access to some directories to the groups, for instance add the directory /etc/apache2/ to the web-admin group or /usr/share/ to the admin group:
chown -R root:web-admin /etc/apache2/
chown -R root:admin /usr/share/
Unfortunately, we also need a script or a command to restore those entitlements as when Charlie (web-admin) create new files in /etc/apache2/site-available/, they need to belong to root and not to Charlie.
So here are my questions:
- Is modifying rights of directories like /etc/ or /usr/ wonβt break the Linux machine?
- Is the system I just present is realistic with the Linux architecture and can last in time without too large security breaches?
- Is there any program that can manage this implementation better than me (a poor computer science student)?
- Are there good practices that I need to learn before implementing this solution?
- Have you any suggestion regarding my problem: restrict users to their role and enabling a Least Privilege environment?
- Can you advise me on some reference to read?
Thank you very much for your time!
Iβll need to be able to enforce MFA for users in our O365 tenant while not having any domain admin rights etc.
Google mentions that there is one design principle of component : least privilege. Google provides mechanisms to give components the minimum set of capabilities they require, such as sandboxing, role-based access control, and isolation policies.
Can someone explain more about these mechanisms ? For example , if one component requires more capabilities than it actually needs, how the sandboxing works to provent the component from getting more capabilities ?
This tale of woe is from my previous company, providing managed IT for small financial institutions. Shortly after lunch I (level 2 helpdesk) fielded a call from a customer saying they were getting weird error messages on the terminal server and were unable to work. I started getting a ticket entered and started the process of getting remoted in when I started hearing other techs taking similar calls from the same customer. I let everyone know I was on it and took ownership.
I got remoted into the TS and asked the person on the line to tell me more about what was going on. They were getting weird error messages in their line-of-business software, which opened fine for me under my login. I had them close the software and re-open it. The response was a popup message saying Windows didn't know how to open the file, and asking the user what program they'd like to use to open it.
Well that's... odd. It works fine for me. Other users are reporting the same message, but not just on the LoB software. Outlook, IE, everything. I'd seen similar problems caused by malware screwing up file associations, and looked into the registry for any trace of those problems. I found nothing of the sort, and most malware shouldn't have been able to spread past an individual user profile anyway. The problem was clearly with the registry, but it all looked fine at first glance. I got an idea and created a new test user, logged into the TS, and had the same problems. Did a quick check and found the source of the problem. After scouring audit logs and talking to a couple people (including the customer's own internal IT guy) the problem became clear.
The problem ended up being that Mr. Wanna-Be IT Guy must have recently heard about the principle of least privilege and decided to apply it, and failed spectacularly. While it's a great principle to keep in mind and implement, perhaps removing read access from HKEY_CLASSES_ROOT and some other registry hives for all but domain admins isn't the best idea in the world. As it turns out, there's important information in those hives, such as HOW TO OPEN FILES. If Windows can't access the registry key that tells it how to open .exe files (or anything else for that matter), it just shrugs and asks the user.
I've started making sure all admins here have two workstations, multiple accounts, use LAPS, etc. All of these changes make me feel profoundly better about our security and stability. But I'm realizing I'm getting a little deep in the woods with my approach to all this stuff and was looking for some guidance. A few days ago, someone answered that it's all right to administrate, say, AWS or Azure from your secure workstation, that such web-based browsing risks are acceptable. But this didn't sit well with me and so now I've got THREE workstations:
- One daily driver - browse all corners of the web, Outlook, general production PC with no admin rights
- One PAW - only log in with privileged accounts (Admin, Server Admin), store Keepass, Active Directory administration, remote desktop, remote into user machines (with Help desk Account), etc
- Protected browsing virtual machine - log into secure web based consoles like AWS, Azure, 2FA configuration website, etc, anything that I need to administrate online that's important.
And now I'm starting to wonder about least privilege methodologies: as in should I create an account, for example, JUST to join PC's to the domain? Granted, it wouldn't be used much, but it would have no other uses; OR should I group the ability to add workstations with a bunch of other similar rights into the same account, somewhat violating the principle of least privilege? Multiple accounts would be easy enough to keep track of with KeePass, but I'm having a hard time understanding what's going overboard and what's sensible. Besides a domain administrator account, should I be looking to maintain, basically, 4-5 other accounts with different tiers of privilege or quite a few additional accounts that have granular and specific usage?
I'm a new windows sysadmin, coming from a linux world. In our department we give users admin rights to their severs in order to admin their applications, however this makes me go crazy, as we are still responsible for the hardware and OS. Coming from the linux world we just used sudo to allow them to run privileged commands.
We now have scripts that monitor things like adding new admins and messing with drivers so we can tell the application admins to stop doing that. It's a nightmare.
There must be a better approach, what am I missing?
Edit: Just an example to clarify, there times when the application owners want to restart their application however that requires admin rights. In linux we would just give them sudo to start and stop the app as root. In windows our team has given them admin rights on the box to perform tasks like this. However I feel this gives to much access, I'm looking to see if there is an another option to propose to my team.
How granular do you get with your domain accounts for IT admins? I understand why using Domain Admin for anything other than high level tasks within AD is bad and ensuring the principle of least privilege. So far we use:
Regular user accounts, Domain Admin, Server Admin, Desktop Admin
Use LAPS for local accounts.
I feel server admin account has been granted too many privs and could be considered a big target after adding Exchange, Windows member servers, SQL, SharePoint, VMware, Backup server etc.
How many accounts do you create for your team members?
Least Privilege Principle is about the minimum permissions required to do the job.
Is there a named principle for the minimum equipment required to do the job? or similar?
Principle of least action allows us to find equations of motion if we plug appropriate lagrangian into Euler - Lagrange equation. In classical mechanics, this is the difference in kinetic and potential enerrgy of the body.
How did Lagrange came to the idea that matter obeys this principle?
People like to sh*t on Sasuke for being the elite Uchiha who had all the privilege and talent who threw his weight around while copying everything with a Sharingan while the other, more 'awesome boys' were struggling Ninjas who need to be acknowledged. But, let's think about it
-
Itachi could do the Fireball (whatever it's called) Jutsu in one chance, joined freakin' Anbu at 11, Sasuke, however, was shown hard working and struggling for Fugaku's attention and being able to do the Fireball Jutsu after many many attempts, in his childhood he was constantly seen being overshadowed by Itachi's talents and try hard to achieve Fugaku's approval.
-
Kakashi, Minato and all other prodigies are same. It is almost unrealistic how Kishimoto allows these Ninja to somehow be so freakin' talented that they could kill grown-ups when they were not even teenagers, Kakashi graduated at 6, wtf.
-
Naruto could always employ his shadow-clone Jutsu to learn everything that many times faster. Infact, him being able to grasp the shadow-clone and perform it without real consequences really is because of his Uzumaki chakra + Kurama chakra he sometimes borrowed. Sasuke had to train a few months to learn Chidori.
-
While Sharingan gave him advantage, let's not forget that almost every genin had some Kekkei Genkai, except Sakura and Lee and Tenten. A base Sharingan is not even that impressive, it does not provide you with Jutsu hack of perfectly copying everything the other person does, like Lee said, you need to train your body to match it.
-
Shikamaru, Shino, Kiba, Choji, Neji, Gaara, Hinata, Ino and others all relied heavily on either their clan technique or the tailed-beasts powers. Sasuke's clan died when he was 7 and there has been no hint anyone taught him Sharingan based stuff, so he is probably self trained. Just imagine the rest of the students having entire clans behind them, learning techniques and everything, even Lee had a thorough mentor in Guy, Sasuke self-studied, self-trained and self-manuevered his Sharingan in order to achieve top-grades in the class.
-
He is not a theoretical genius, he did not know ONE answer in the Chunin examinations, Shikamaru was that, yet Sasuke studied so much that he could beat Lazy Shikamaru (though actually interested Shikamaru may have beat him)
-
He was willing to make almost insane amounts of sacrifices to achieve his revenge. While Naruto learned nothing, Sakura learned quite a lot, Sasuke learned a freakin' OP Jutsu t
Principle of Least Privilege Benefits
The principle of least privilege (POLP) requires giving each user, service and application only the permissions needed to perform their work and no more. It is one of the most important concepts in network and system security. No matter how technically skilled or trustworthy a user is, they should have access to only the network resources they need to do the job at hand.
The main benefit of minimizing each userβs level of access is that you can dramatically reduce your security risks and attack surface. By strictly limiting who can access your critical systems, you reduce the risk of unintentional or malicious changes and data leaks β whether by the users themselves or by attackers who take over their credentials. In particular, youβll minimize the likelihood of rootkits, viruses and malware being installed, since most user accounts wonβt have the administrative privileges required to install them.
Another benefit of enforcing least privilege is achieving regulatory compliance. Many standards require organizations to give users only the privileges needed to complete their job functions β especially privileged users. Even if your business is not subject to these regulations, implementation of least privilege is a smart best practice.
In addition, a least privilege model simplifies change and configuration management. Every time someone with administrative privileges logs in to a computer, there's the potential that the system's configuration could be changed inappropriately, either deliberately or accidentally. Least privilege helps you maintain the intended configuration of a system by controlling exactly who can change what. Great examples of administrative restrictions that implement least privilege are the ESAE (βRed Forestβ) model in Active Directory and the Just In Time and Just Enough administration concepts in Windows Server.
Limitations of Least Privilege
However, itβs essential to keep in mind that the principle of least privilege is just one layer of a comprehensive defense-in-depth strategy; you should also deploy other critical technologies, such as firewalls that prevent connections, intrusion detection devices that search for malicious code, antivirus or personal security products that look for heuristic behavior, and software restriction policies that limit what application installation and execution. For exam
... keep reading on reddit β‘
This post is about Nietzsche's will to power not necessarily only as a psychological principle but also possibly as a biological and physical principle (of which there are bits of in BGE, GM, Z, WP) (and perhaps also a sociological principle?).
I emphasised "and/or" to permit responses about will to power as including any of the domains (to get more variety of responses) or all of them (which I suspect is what the will to power is about, even if one of them takes explanatory precedence).
This post is not primarily about ethics.
Nietzsche's will to power seems similar to Spinoza's conatus in that both posit that each thing/body/living thing/affect/person* strives to maximise its power** and Spinoza's principle seems to me quite supported by a certain scientific theory.....
*depending on if it's being taken as a metaphysical/physical/biological/psychological (subpersonal)/psychological (personal) theory, respectively. (You can see how this raises the question of extending this to the sociological. A Hegelian-esque principle, perhaps? After all, Hegel's dialectic, Nietzsche's will to power and Spinoza's conatus are similar insofar as they are ambitious overarching principles concerning many domains)
** (and both are, tangentially, fundamental for their ethics)
