Controlling Access to at
Users listed in the at.deny file cannot use at to schedule jobs or to check the at queue status.
The at.deny file is placed in the /etc/cron.d directory during Solaris software installation. At that time, the same users are listed in both this file and the default cron.deny file.
daemon bin smtp nuucp listen nobody noaccess |
Root permissions are required to edit this file.
How to Deny at Access
-
Become superuser.
-
Using the editor of your choice, open the /etc/cron.d/at.deny file.
-
Add the names of users, one per line, who will be prevented from using at commands.
daemon bin smtp nuucp listen nobody noaccess username1 username2 username3 . . .
-
Exit the file, saving your changes.
Example--Denying at Access
The following example shows an at.deny file that has been edited so that the users Smith and Jones may not access at.
$ cat at.deny daemon bin smtp nuucp listen nobody noaccess jones smith |
How to Verify at Access Is Denied
To verify whether or not a user's name was added correctly to /etc/cron.d/at.deny, use the at -l command while logged in as the user. If the user cannot access at commands, the following message is displayed.
# su smith Password: $ at -l at: you are not authorized to use at. Sorry. |
Likewise, if the user tries to submit an at job, the following message is displayed:
$ at 2:30pm at: you are not authorized to use at. Sorry. |
This confirms that the user is listed in the at.deny file.
- © 2010, Oracle Corporation and/or its affiliates