Restrict users to add Cron job in Linux


Regular users can modify and install their own cron configuration or jobs.

If you want to restrict users to add new cron jobs, then you have to first remove (or backup) cron.deny file and then create a new file cron.allow and add one line for each users. It will deny all those users who are not in this list from adding a cron job.

[root@nagios ~]# mv /etc/cron.deny /etc/cron.deny.bak

[root@nagios ~]# vi /etc/cron.allow

I added 2 users other than user ‘soj’. Now, as user soj, I am trying to add a new cronjob and as you can see the user soj is denied from add a new cron job.

[soj@nagios ~]$ crontab -e
You (soj) are not allowed to use this program (crontab)
See crontab(1) for more information

You can implement the same for ‘at’ as well by placing allowed users to /etc/at.allow.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s