No Root, No Problem: Automating Linux Least Privilege and Securing Ansible Deployments
Document Type
Conference Proceeding
Source of Publication
Lecture Notes in Computer Science
Publication Date
10-18-2025
Abstract
This article addresses the challenges of enforcing the Principle of Least Administrative Privilege (PoLAP) in Linux systems. We present an innovative approach that orchestrates multiple Linux low-level security mechanisms to provide fine-grained control over the privileges of system administrators. We implemented a completely open-source framework to monitor, analyze, and grant the minimum set of privileges required to perform specific administrative tasks. To demonstrate its practicality in modern deployment approaches, we integrated our framework with the Ansible automation platform towards a zero-trust strategy in Infrastructure-as-Code environments. Our solution reduces the risk of supply chain and internal attacks associated with administrative privilege management while maintaining operational efficiency.
ISBN
[9783032078933]
Publisher
Springer Nature Switzerland
Volume
16055 LNCS
First Page
43
Last Page
63
Disciplines
Computer Sciences
Keywords
Access Control, Ansible, Least Privilege, Linux, Operating system, Zero-Trust Strategy
Recommended Citation
Billoir, Eddie; Laborde, Romain; Canavese, Daniele; Rütschlé, Yves; Wazan, Ahmad Samer; and Benzekri, Abdelmalek, "No Root, No Problem: Automating Linux Least Privilege and Securing Ansible Deployments" (2025). All Works. 7656.
https://zuscholars.zu.ac.ae/works/7656
Indexed in Scopus
yes
Open Access
no