{"description": "Grant the least privilege necessary for user accounts and software to perform tasks.\nFor example, <tt>sudo</tt> can be implemented to limit authorization to super user\naccounts on the system only to designated personnel. Another example is to limit\nlogins on server systems to only those administrators who need to log into them in\norder to perform administration tasks. Using SELinux also follows the principle of\nleast privilege: SELinux policy can confine software to perform only actions on the\nsystem that are specifically allowed. This can be far more restrictive than the\nactions permissible by the traditional Unix permissions model.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Least Privilege", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/intro/general-principles/principle-least-privilege/group.yml"}