• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to prevent non-root user from creating crontab entry

By admin

Often this is a requirement in production environments to disable the non-root users to create any crontab entry. There are three ways to achieve this :

1. Disable non-root user ssh to system, then non-root user is not able to use shell at all. Refer to this post for procedure.

2. Add user into file /etc/cron.deny, each user per line (Typical method which affect only list users):

# cat /etc/cron.deny 
johny

Note: Make sure no conflict between file /etc/cron.allow and /etc/cron.deny.
Verify denied user with creating crontab entry:

$ crontab -e
You (johny) are not allowed to use this program (crontab)
See crontab(1) for more information

3. Deprecate execute permission of crontab command (Aggressive approach which affects all non-root users):
Default permissions :

# ls -lrt /usr/bin/crontab 
-rwsr-xr-x 1 root root 57552 Apr 21  2015 /usr/bin/crontab

Change The permission (remove the setuid bit) :

# chmod 700 /usr/bin/crontab
# ls -lrt /usr/bin/crontab
-rwx------ 1 root root 57552 Apr 21  2015 /usr/bin/crontab

Note: Make sure you have backup file before change its file permission.
After package upgrade, this change will be reversed to default.
Default permission:

# stat /usr/bin/crontab
  File: ‘/usr/bin/crontab’
  Size: 57552     	Blocks: 120        IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 10751442    Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-08-12 17:03:10.112443944 +0530
Modify: 2015-04-21 19:38:05.000000000 +0530
Change: 2016-03-14 14:03:30.347276747 +0530
 Birth: -

Verify denied user with creating crontab entry:

$ crontab -e
bash: /usr/bin/crontab: Permission denied

Filed Under: Linux, Solaris

Some more articles you might also be interested in …

  1. How to setup a chroot ssh/sftp for specific users in Solaris 10
  2. Linux OS Service ‘ldap’
  3. How to Change Timezone from CST To EST in CentOS/RHEL 7 Server
  4. Downgrading an rpm package to a lower version (using “rpm” command)
  5. CentOS / RHEL 6,7 : How to enable or disable XDMCP service (GDM)
  6. How to Mirror Swap, Boot and Root Partions in CentOS/RHEL 7 Using mdadm Utility
  7. 18 Practical tcpdump Command Examples – A Network Sniffer Tool Primer
  8. How to Use the Oracle Solaris Fast Crash Dump Feature
  9. Understanding rsyslog Filter Options
  10. Beginners Guide to yum Configuration

You May Also Like

Primary Sidebar

Recent Posts

  • How to disable ICMP redirects on CentOS/RHEL
  • What are Oracle Key Vault Roles
  • What Is Oracle Key Vault
  • Auditing with Oracle Database Vault Reports
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary