Restrict users to add Cron job in Linux

Regular users can modify and install their own cron configuration or jobs.

If you want to restrict users to add new cron jobs, then you have to first remove (or backup) cron.deny file and then create a new file cron.allow and add one line for each users. It will deny all those users who are not in this list from adding a cron job.

[root@nagios ~]# mv /etc/cron.deny /etc/cron.deny.bak

[root@nagios ~]# vi /etc/cron.allow

I added 2 users other than user ‘soj’. Now, as user soj, I am trying to add a new cronjob and as you can see the user soj is denied from add a new cron job.

[soj@nagios ~]$ crontab -e
You (soj) are not allowed to use this program (crontab)
See crontab(1) for more information

You can implement the same for ‘at’ as well by placing allowed users to /etc/at.allow.

Advertisements