Least Privilege TTY
Least privilege TTY is the discipline of granting only the exact permissions required for a specific terminal session—nothing more. A TTY (teletype terminal) is the interface between a user process and the system. When least privilege is enforced, every session runs with tightly scoped rights. This reduces attack surface, stops escalation, and locks down critical resources from misuse.
On Unix-like systems, TTY access can be abused if privileges extend beyond operational needs. A developer with unrestricted TTY access can run commands that read sensitive files, modify system configs, or pivot into higher roles. Limiting privileges means constraining commands, environment variables, file access, and device nodes tied to that terminal. The session must drop any capability not essential to its task.
Implementing least privilege TTY starts with role-based access. Map each job function to a minimal set of commands. Configure sudoers with terminal-specific restrictions. Use pam_limits to enforce resource boundaries and chmod to restrict device access on /dev/tty*. Combine this with SELinux or AppArmor profiles so even compromised terminals can’t step outside predefined rules. Logging every TTY session is crucial—activity records catch violations and inform future tightening.
For remote access, apply least privilege TTY through SSH configuration. Restrict shells to forced commands. Disable interactive root logins entirely. Set PermitTTY no for sessions where interaction is not needed. Use containerized environments for temporary terminal access, setting runtime constraints that vanish when the container ends.
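One way to audit the SSH rules above is to resolve the options sshd would apply to each non-interactive account and flag any that lack a forced command, still get a TTY, or sit behind a permissive root login setting. This is an added example, not code from the original page or from hoop.dev; the sample config, the account names (backup, deploy, metrics, reports) and the command paths are constructed, and the parser assumes whitespace-separated keywords.

```python
# Added example. SAMPLE, its account names and command paths are constructed.
SAMPLE = """\
PermitRootLogin prohibit-password
Match User backup
    ForceCommand /usr/local/bin/run-backup
    PermitTTY no
Match User deploy,metrics
    ForceCommand /usr/local/bin/deploy-hook
"""

def parse(text):
    """Return (global_opts, [(users, opts)]). Only 'Match User a,b' is understood."""
    glob, blocks, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, val = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            crit = val.split()
            is_user = len(crit) == 2 and crit[0].lower() == "user"
            cur = {}
            blocks.append((set(crit[1].split(",")) if is_user else set(), cur))
        else:
            # sshd keeps the first value it sees for a keyword in a given section
            (glob if cur is None else cur).setdefault(key, val)
    return glob, blocks

def effective(glob, blocks, user):
    """Options applied to `user`: matching Match blocks override the global section."""
    opts = {}
    for block in [b for users, b in blocks if user in users] + [glob]:
        for k, v in block.items():
            opts.setdefault(k, v)
    return opts

def audit(text, noninteractive_users):
    glob, blocks = parse(text)
    findings = []
    # When unset, OpenSSH defaults to prohibit-password, which still allows root key logins.
    if glob.get("permitrootlogin", "prohibit-password").lower() != "no":
        findings.append("global: PermitRootLogin is not 'no'")
    for user in noninteractive_users:
        opts = effective(glob, blocks, user)
        if "forcecommand" not in opts:
            findings.append(f"{user}: no ForceCommand")
        if opts.get("permittty", "yes").lower() != "no":  # sshd default is yes
            findings.append(f"{user}: PermitTTY is not 'no'")
    return findings
```

Calling audit(SAMPLE, ["backup", "deploy", "reports"]) reports the root login setting, the deploy account that has a forced command but still inherits a TTY, and the reports account that has no Match block at all.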
The principle is zero trust: no session is inherently safe, no privilege is permanent. System safety depends on exact control at the terminal layer. A breach through TTY is fast, silent, and often invisible until damage is done. Least privilege is not optional; it is the rule that keeps control in your hands.
Configure, enforce, audit. Treat every TTY like hostile ground.
See it live in minutes at hoop.dev and build least privilege TTY access without the overhead.