The Problem
A non-privileged user cannot edit their crontab file using the command “crontab -e”
$ crontab -e no crontab for oracle - using an empty one /tmp/crontab.Lm34gsJV: Permission denied $
The Solution
This can happen mainly due to wrong permission on /tmp directory. When a user tries to edit the crontab using ‘crontab -e’ command, a temporary crontab file is created in /tmp directory, which is overwritten on the actual crontab file when the user saves the changes. Incorrect group-owner (root) permissions on / can also cause this error. In order to resolve the issue check below 2 things on the server.
Check the permission of /tmp
1. make sure the permission of /tmp directory are “drwxrwxrwt.”
# ls -ld /tmp/ drwxr-xr-x. 13 root root 4096 May 14 10:48 /tmp/
As you can see in the output above, these are incorrect permission.
2. Restore the correct permissions like this:
# chmod 1777 /tmp
The directory must permit world read, write and execute permissions. The “sticky” bit is also set so that only the owner of a file can delete it; otherwise any user could delete any arbitrary file in the directory.
3. Try creating a new file in /tmp/to verify:
# touch /tmp/test_file
Verify the SELinux Permissions
1. You may also want to check is SELinux is enabled on the system. SELinux in some cases, if set incorrectly can create problem. To verify if SELinux is enabled:
# getenforce Enforcing
2. Let us disable SELinux temporarily to check if the issue gets resolved.
# setenforce 0
3. Verify the settings by editing the user crontab.
# crontab -e
4. If it works fine, you may want to enable the SELinux back and use “restorecon” to restore the correct permission of the /tmp directory.
# setenforce 1 # restorecon -v /tmp