Friday, 30 September 2016

Deny and Allow Any User To Use Cron Job


Restrict users “tom”, “puppet” and “amit” to use cron jobs.
To restrict any user  to use cron jobs, enter their name on /etc/cron.deny and save it.
# vim /etc/cron.deny
tom
puppet
amit

~
~
:wq
Now login as one of those users and try to use crontab.
[root@ittroubleshooter ~]# vim /etc/cron.deny
[root@ittroubleshooter ~]# su - amit
[amit@ittroubleshooter ~]$ crontab -l
You (amit) are not allowed to use this program (crontab)
See crontab(1) for more information
[amit@ittroubleshooter ~]$ crontab -e
You (amit) are not allowed to use this program (crontab)
See crontab(1) for more information
[amit@ittroubleshooter ~]$
If again you want to allow them to use cron job facilities just remove their names from
/etc/cron.deny file.

Allow only three users “nagios”, “gaurav” and “root” to use cron jobs.

To allow any user to use cron facility, enter their name on /etc/cron.allow and save it.
# vim /etc/cron.allow
nagios
gaurav
root

~
~
:wq
Now login as one of those users and try to use crontab.
[root@ittroubleshooter ~]# vim /etc/cron.allow
[root@ittroubleshooter ~]# rm -rf /etc/cron.deny
[root@ittroubleshooter ~]# su - nagios
Last login: Thu Sep 15 16:58:01 IST 2016 on pts/1
[nagios@ittroubleshooter ~]$ crontab -l
40      3       2,9,16,23,30    9   *   sh /home/nagios/backup.sh

[nagios@ittroubleshooter ~]$ exit
logout
[root@ittroubleshooter ~]# su - gaurav
Last login: Mon Sep 12 20:10:57 IST 2016 from 10.88.12.163 on pts/0
[gaurav@ittroubleshooter ~]$ crontab -l
no crontab for gaurav
[gaurav@ittroubleshooter ~]$ exit
logout
[root@ittroubleshooter ~]# su - amit
Last login: Thu Sep 15 21:42:26 IST 2016 on pts/0
[amit@ittroubleshooter ~]$ crontab -l
You (amit) are not allowed to use this program (crontab)
See crontab(1) for more information
[amit@ittroubleshooter ~]$
Tip: Suppose, We have 20 users in our server, putting all 17 names in /etc/cron.deny file it is time consuming process. Instead we can create one more file i.e /etc/cron.allow in which we can assign those users who are allowed to use cron jobs.
/etc/cron.deny file exits by default.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)