• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to prevent non-root user from creating crontab entry

by admin

Often this is a requirement in production environments to disable the non-root users to create any crontab entry. There are three ways to achieve this :

1. Disable non-root user ssh to system, then non-root user is not able to use shell at all. Refer to this post for procedure.

2. Add user into file /etc/cron.deny, each user per line (Typical method which affect only list users):

# cat /etc/cron.deny 
johny

Note: Make sure no conflict between file /etc/cron.allow and /etc/cron.deny.
Verify denied user with creating crontab entry:

$ crontab -e
You (johny) are not allowed to use this program (crontab)
See crontab(1) for more information

3. Deprecate execute permission of crontab command (Aggressive approach which affects all non-root users):
Default permissions :

# ls -lrt /usr/bin/crontab 
-rwsr-xr-x 1 root root 57552 Apr 21  2015 /usr/bin/crontab

Change The permission (remove the setuid bit) :

# chmod 700 /usr/bin/crontab
# ls -lrt /usr/bin/crontab
-rwx------ 1 root root 57552 Apr 21  2015 /usr/bin/crontab

Note: Make sure you have backup file before change its file permission.
After package upgrade, this change will be reversed to default.
Default permission:

# stat /usr/bin/crontab
  File: ‘/usr/bin/crontab’
  Size: 57552     	Blocks: 120        IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 10751442    Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-08-12 17:03:10.112443944 +0530
Modify: 2015-04-21 19:38:05.000000000 +0530
Change: 2016-03-14 14:03:30.347276747 +0530
 Birth: -

Verify denied user with creating crontab entry:

$ crontab -e
bash: /usr/bin/crontab: Permission denied

Filed Under: Linux, Solaris

Some more articles you might also be interested in …

  1. Active FTP vs. Passive FTP
  2. All Linux Compress/Decompress Commands
  3. How To Add/Remove Locale Archive in CentOS/RHEL 5,6
  4. hdparm: command not found
  5. dmesg Command Examples in Linux
  6. gcov: command not found
  7. How to Enable Verbose Logging for VSFTPD
  8. CentOS / RHEL 5 : How to Configure kdump
  9. How to set nproc (Hard and Soft) Values in CentOS / RHEL 5,6,7
  10. Beginners guide to vi editor (command line reference)

You May Also Like

Primary Sidebar

Recent Posts

  • powertop Command Examples in Linux
  • powertop: command not found
  • powerstat: command not found
  • powerstat Command Examples in Linux

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright