System Administration Guide: Advanced Administration

ProcedureHow to Limit crontab Command Access to Specified Users

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Create the /etc/cron.d/cron.allow file.

  3. Add the root user name to the cron.allow file.

    If you do not add root to the file, superuser access to crontab commands will be denied.

  4. Add the user names, one user name per line.

    Include users that will be allowed to use the crontab command.


    root
    username1
    username2
    username3
    .
    .
    .
    

Example 8–6 Limiting crontab Command Access to Specified Users

The following example shows a cron.deny file that prevents user names jones, temp, and visitor from accessing the crontab command.


$ cat /etc/cron.d/cron.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess
jones
temp
visitor

The following example shows a cron.allow file. The users root, jones, lp, and smith are the only users who can access the crontab command.


$ cat /etc/cron.d/cron.allow
root
jones
lp
smith