Access control and least privilege
Least privilege
- A core security rule: give every person and program only the access they need — no more.
- If an account is broken into, least privilege means the attacker can reach less.
Access control on files
- On Linux, file permissions are access control in action (you met these in the Linux course).
- ls -l shows who can read, write, and execute, for the owner, the group, and everyone else.
ls -l secret.txt
Locking down a secret
- A file holding a password or key should be readable by its owner only.
- chmod 600 gives the owner read+write, and nothing to anyone else:
chmod 600 secret.txt
- 6 = read+write for the owner; 0 and 0 = no access for group and others.
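An added example (not part of the original course page): a small shell check that reads the permission string from ls -l, reports whether group or others have any access, and applies chmod 600. The function names and the throwaway secret.txt it creates are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit and lock down a secret file using ls -l and chmod 600.
# Function names (perm_string, group_other_access, lock_down) are hypothetical.

# perm_string FILE: print the 9 permission characters from ls -l, e.g. rw-r--r--
# Characters 2-10 skip the file-type flag and any trailing ACL marker.
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# group_other_access FILE: succeed (exit 0) if group or others have ANY access.
# The last six characters are the group and others triplets.
group_other_access() {
    [ "$(perm_string "$1" | cut -c4-9)" != "------" ]
}

# lock_down FILE: apply chmod 600, show before/after, and verify the result.
lock_down() {
    before=$(perm_string "$1")
    chmod 600 -- "$1" || return 1
    after=$(perm_string "$1")
    echo "$1: $before -> $after"
    [ "$after" = "rw-------" ]
}

# Constructed demo: a throwaway secret.txt that starts out readable by everyone.
demo_dir=$(mktemp -d)
printf 'constructed-sample-password\n' > "$demo_dir/secret.txt"
chmod 644 "$demo_dir/secret.txt"

if group_other_access "$demo_dir/secret.txt"; then
    echo "secret.txt is exposed to group and/or others"
fi

lock_down "$demo_dir/secret.txt" && echo "secret.txt is now owner-only"

rm -rf "$demo_dir"
```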
Your turn
- Lock down secret.txt so only its owner can touch it. Good permissions are a simple, powerful defence.
Covers: A-Level 6.1 (access levels / security measures).
secret.txt is currently readable by everyone. Lock it down so only its owner can read and write it, with chmod 600 secret.txt. The check shows ls -l.