KBTAG: kben10000010
URL: http://www.securityportal.com/lskb/10000000/kben10000010.html
Date created: 13/03/2000
Date modified:
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: Limiting user's access to cron
Keywords: System/Cron, Users
Cron is a program that wakes up once a minute and checks it's configuration files to see if it needs to do anything. Cron is typically used to run system maintenance programs, and can be abused by users. The vast majority of users do not need access to crontab, and users savvy enough to use it will typically have it set up to ensure IRC bots are running and so on.
cron supports two files:
/etc/cron.allow /etc/cron.deny
If cron.allow exists then you MUST be listed in it to use cron (so make sure all the system accounts like root are listed), this is very effective for limiting cron to a small number of users. If cron.deny exists then you will be allowed to use cron unless you are listed, this would be useful for "locking out" users that had previously abused cron or otherwise not allowed to use cron. In both cases users are listed one per line, you can use something like:
cat /etc/passwd | cut -d":" -f 1 > /etc/cron.allow
To populate it quickly and later edit it down.