[Linux] disabling cron
Kwan Lowe
linux@flux.org
Fri, 11 May 2007 18:44:14 -0400 (EDT)
> This should not be this difficult. I'm simply trying to disable the use
> of cron for a user. I tried /etc/cron.deny, /usr/lib/cron/cron.deny but
> none work. Finally I just chown root:root
> /var/spool/cron/crontabs/<user> && chmod 000
> /var/spool/cron/crontabs/<user> But that seems ugly to me.
>
> Anyone have any insight?
You're probably using vixie-cron... I ran into this same issue.. Here's a page:
http://www.puschitz.com/SecuringLinux.shtml
NOTE:
In RHEL4 pam_access is already configured for crond:
# grep pam_access /etc/pam.d/*
/etc/pam.d/crond:account required pam_access.so
accessfile=/etc/security/access-cron.conf
#
This means that the above entries in /etc/security/access.conf will stop cron from
working. Note that it is very prudent to always check whether pam_access is
configured for any other service on the system!
To ensure that all users on the system can still run cron jobs you can add the
following argument to pam_access in /etc/pam.d/crond:
account required pam_access.so accessfile=/etc/security/access-cron.conf
This ensures that the /etc/security/access.conf configuration file is not invoked by
crond. Since pam_cracklib does not grant permissions if the configuration file does
not exist, execute the following command to create an empty file:
# touch /etc/security/access-cron.conf
Now verify that cron jobs can be launched by any user on the system.
--
* The Digital Hermit http://www.digitalhermit.com
* Unix and Linux Solutions kwan@digitalhermit.com