Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: Common Tasks Oracle Solaris 11 Information Library |
1. Locating Information About Oracle Solaris Commands
2. Managing User Accounts and Groups (Overview)
3. Managing User Accounts and Groups (Tasks)
4. Booting and Shutting Down an Oracle Solaris System
5. Working With Oracle Configuration Manager
6. Managing Services (Overview)
9. Managing System Information (Tasks)
10. Managing System Processes (Tasks)
11. Monitoring System Performance (Tasks)
12. Managing Software Packages (Tasks)
14. Scheduling System Tasks (Tasks)
Creating and Editing crontab Files (Task Map)
Ways to Automatically Execute System Tasks
For Scheduling Repetitive Jobs: crontab
For Scheduling a Single Job: at
Scheduling a Repetitive System Task (cron)
How the cron Daemon Handles Scheduling
Syntax of crontab File Entries
Creating and Editing crontab Files
How to Create or Edit a crontab File
How to Verify That a crontab File Exists
Controlling Access to the crontab Command
How to Deny crontab Command Access
Using the at Command (Task Map)
Scheduling a Single System Task (at)
Controlling Access to the at Command
How to Deny Access to the at Command
How to Verify That at Command Access Is Denied
15. Setting Up and Administering Printers by Using CUPS (Tasks)
16. Managing the System Console, Terminal Devices, and Power Services (Tasks)
17. Managing System Crash Information (Tasks)
18. Managing Core Files (Tasks)
19. Troubleshooting System and Software Problems (Tasks)
20. Troubleshooting Miscellaneous System and Software Problems (Tasks)
You can control access to the crontab command by using two files in the /etc/cron.d directory: cron.deny and cron.allow. These files permit only specified users to perform crontab command tasks such as creating, editing, displaying, or removing their own crontab files.
The cron.deny and cron.allow files consist of a list of user names, one user name per line.
These access control files work together as follows:
If cron.allow exists, only the users who are listed in this file can create, edit, display, or remove crontab files.
If cron.allow does not exist, all users can submit crontab files, except for users who are listed in cron.deny.
If neither cron.allow nor cron.deny exists, superuser privileges are required to run the crontab command.
Superuser privileges are required to edit or create the cron.deny and cron.allow files.
The cron.deny file, which is created during SunOS software installation, contains the following user names:
$ cat /etc/cron.d/cron.deny daemon bin smtp nuucp listen nobody noaccess
None of the user names in the default cron.deny file can access the crontab command. You can edit this file to add other user names that will be denied access to the crontab command.
No default cron.allow file is supplied. So, after Oracle Solaris software installation, all users (except users who are listed in the default cron.deny file) can access the crontab command. If you create a cron.allow file, only these users can access the crontab command.
$ su - Password: #
Note - This method works whether root is a user or a role.
daemon bin smtp nuucp listen nobody noaccess username1 username2 username3 . . .
# cat /etc/cron.d/cron.deny daemon bin nuucp listen nobody noaccess
If you do not add root to the file, superuser access to crontab commands will be denied.
Include users that will be allowed to use the crontab command.
root username1 username2 username3 . . .
Example 14-6 Limiting crontab Command Access to Specified Users
The following example shows a cron.deny file that prevents user names jones, temp, and visitor from accessing the crontab command.
$ cat /etc/cron.d/cron.deny daemon bin smtp nuucp listen nobody noaccess jones temp visitor
The following example shows a cron.allow file. The users root, jones, and smith are the only users who can access the crontab command.
$ cat /etc/cron.d/cron.allow root jones smith
To verify if a specific user can access the crontab command, use the crontab -l command while you are logged into the user account.
$ crontab -l
If the user can access the crontab command, and already has created a crontab file, the file is displayed. Otherwise, if the user can access the crontab command but no crontab file exists, a message similar to the following message is displayed:
crontab: can't open your crontab file
Either this user either is listed in the cron.allow file (if the file exists), or the user is not listed in the cron.deny file.
If the user cannot access the crontab command, the following message is displayed whether or not a previous crontab file exists:
crontab: you are not authorized to use cron. Sorry.
This message means that either the user is not listed in the cron.allow file (if the file exists), or the user is listed in the cron.deny file.