HomePROJECTS

The Principle of Least Privilege

We address the principle of least privilege
Sep 11 2023
3 min readHelpdesk, Hacking
User Creation

Clearing up doubts.

  • What is not allowed must be prohibited.
  • A chain is only as strong as its weakest link.
  • The security measure is directly proportional to the level of existing risk.
  • An old computer dog must learn new tricks.
  • Computer security is everyone's job.

In WINDOWS

LeastPrivilege
LeastPrivilege

In LINUX

To create a conventional user:

Authenticate as root user

#JS
1~$ su -
2Password:
3
4~#
5
6

Create the user

#JS
1useradd userName
2
3

Add password

#JS
1passwd userName
2
3

To switch to the new user

#JS
1su userName
2
3

To create a root user:

Create the user

#JS
1useradd -u 0 -o -g 0 userName2
2
3
  • u [UID] -> user identifier of the new account. The UID (User ID) is added in the [UID] field.
  • o -> allows creating users with duplicate (non-unique) identifiers (UIDs).
  • g [GROUP] -> name or identifier of the primary group of the new account.
  • p [PASSWORD] -> encrypted password of the new account

Explanation: -u 0 we are assigning the userPrueba account the UID (User IDentifier) 0, each account has a user identifier, that of the root account is 0, by assigning the value 0 to userPrueba we are giving it the same user privileges as the root account. Usually you cannot have two accounts with the same UID, that is why the -o option is added, which allows an exception to be made so that it can be done. The -g 0 assigns the GID (Group IDentifier) 0 to userPrueba, so that it belongs to the same group as the root account.

Standard user registration:

Enter as administrator (root) with:

#JS
1//option a)
2~$ su -
3Password: (honeydrive)
4//option b)
5~$ sudo su -
6[sudo] Password: (honeydrive)
7
8

Once inside you will switch to the # symbol and you will be able to create the new standard user;

#JS
1~#useradd userTest1
2~#passwd userTest1 (test1) //optional password
3
4

and that's it!

You can try to make the configuration changes to authenticate that it is a standard user with:

first we enter the user and then we change the configuration of the eth0 port

#JS
1//enter as user UserTest1
2~# su userTest1
3//inside the user we make the query of the available ports to confirm that eth0 exists
4$ ifconfig
5
6//we try to turn off the eth0 port
7$ ifconfig eth0 down
8SIOCSIFFLAGS: Permission denied
9//expected message denied
10
11

Finally, to return to the Administrator user

#JS
1//option a)
2$su –
3Password: (honeydrive)
4//option b)
5$exit
6

Administrator user registration:

Enter as administrator (root) with: (repeat step one or confirm being in root #)

#JS
1~# useradd -u 0 -o -g 0 userTest2
2~# passwd userTest2 (test2) //optional password
3
4

You can try to make the configuration changes to authenticate that it is an Administrator user with:

First we enter the administrator user and then we change the configuration of the eth0 port

#JS
1//enter as user UserTest2
2~# su userTest2
3//inside the user we make the query of the available ports to confirm that eth0 exists
4$ ifconfig
5
6//we try to turn off the eth0 port
7$ ifconfig eth0 down
8//we confirm that the changes have been made
9$ ifconfig
10//finally we return it to the initial configuration with:
11$ ifconfig eth0 up
12
OSIModel
OSIModel
Previous

SISLOG Forensic Tool

Next

OSINT Tools 1

Did you like this article? Share it!

© 2025