The cron and at services are used to allow commands to be executed at a later time. How do I restrict them to selected users such as root, opt1, opt2 and so on? How do I make sure user php can run php script but cannot modify or install a new job?
The cron service is required by almost all UNIX / Linux / BSD oses to perform necessary maintenance tasks. Both cron and anacron make use of a number of configuration files and directories. Regular users can modify and install their own cron configuration or jobs.
- /etc/cron.allow - Put users who are allowed to use cron.
- /etc/at.allow - Put users who are allowed to use at.
If these files exist and if the corresponding files /etc/cron.deny and /etc/at.deny do not exist, then only users listed in the relevant allow files can run the crontab and at commands to submit their jobs.
How Do I Restrict at And cron To Authorized Users Only?
First, delete both /etc/cron.deny and /etc/at.deny files.
# rm /etc/cron.deny /etc/at.deny
Now, open /etc/cron.allow, enter:
# vi /etc/cron.allow
Add one line for each user allowed to use the crontab command to create cron jobs. Finally, edit /etc/at.allow using a text editor such as vi, enter:
# vi /etc/at.allow
Add one line for each user allowed to use the at command to create at jobs:
vivek shri krish tom root foo bar php
Note that even if a user called jerry is not listed in cron.allow, cron jobs, he can still be run as that user. The cron.allow file controls only administrative access to the crontab command for scheduling and modifying cron jobs. In other words you can set / modify cron jobs on behalf of jerry. Jerry can only run it but cannot set or modify jobs.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop