8.2.1 Controlling Access to Running cron Jobs

If permitted, users other than root can configure cron tasks by using the crontab utility. All user-defined crontab-format files are stored in the /var/spool/cron directory with the same name as the users that created them.

root can use the /etc/cron.allow and /etc/cron.deny files to restrict access to cron. crontab checks the access control files each time that a user tries to add or delete a cron job. If /etc/cron.allow exists, only users listed in it are allowed to use cron, and /etc/cron.deny is ignored. If /etc/cron.allow does not exist, users listed in /etc/cron.deny are not allowed to use cron. If neither file exists, only root can use cron. The format of both /etc/cron.allow and /etc/cron.deny is one user name on each line.

To create or edit a crontab file as a user, log in as that user and type the command crontab -e, which opens your crontab file in the vi editor (or the editor specified by the EDITOR or VISUAL environment variables). The file has the same format as /etc/crontab except that the user field is omitted. When you save changes to the file, these are written to the file /var/spool/cron/username. To list the contents of your crontab file, use the crontab -l command. To delete your crontab file, use the crontab -r command.

For more information, see the crontab(1) manual page.