Linux / UNIX Restrict at / cron Usage To Authorized Users

The cron and at services are used to allow commands to be executed at a later time. How do I restrict them to selected users such as root, opt1, opt2 and so on? How do I make sure user php can run php script but cannot modify or install a new job?

The cron service is required by almost all UNIX / Linux / BSD oses to perform necessary maintenance tasks. Both cron and anacron make use of a number of configuration files and directories. Regular users can modify and install their own cron configuration or jobs.

ADVERTISEMENTS

  1. /etc/cron.allow – Put users who are allowed to use cron.
  2. /etc/at.allow – Put users who are allowed to use at.

If these files exist and if the corresponding files /etc/cron.deny and /etc/at.deny do not exist, then only users listed in the relevant allow files can run the crontab and at commands to submit their jobs.

How Do I Restrict at And cron To Authorized Users Only?

First, delete both /etc/cron.deny and /etc/at.deny files.
# rm /etc/cron.deny /etc/at.deny
Now, open /etc/cron.allow, enter:
# vi /etc/cron.allow
Add one line for each user allowed to use the crontab command to create cron jobs. Finally, edit /etc/at.allow using a text editor such as vi, enter:
# vi /etc/at.allow
Add one line for each user allowed to use the at command to create at jobs:

vivek
shri
krish
tom
root
foo
bar
php

Note that even if a user called jerry is not listed in cron.allow, cron jobs, he can still be run as that user. The cron.allow file controls only administrative access to the crontab command for scheduling and modifying cron jobs. In other words you can set / modify cron jobs on behalf of jerry. Jerry can only run it but cannot set or modify jobs.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.