Least operating system privilege