How to set Cron/At Access Control ?
Cron stores it’s enteries in the crontab (cron table) file. This is generally located in your /etc directory. As well, each user on your system can have their own crontab which would be stored in /var/spool/cron/. To edit a users crontab entry, simply log into your system for that particular user and type crontab -e. The default editor for the ‘crontab -e’ command is vi. Below is the simple example of crontab entry
0 12 * * * root php /srv/www/mysar/dump.php >> /dev/null 2>&1
Field Meaning
1 Minute (0-59)
2 Hour (2-24)
3 Day of month (1-31)
4 Month (1-12, Jan, Feb, etc)
5 Day of week (0-6) 0 = Sunday, 1 = Monday etc or Sun, Mon, etc)
6 Run the command as following user
7 Command to execute
Now to control the access to crontab for particular user you need to edit the required configuration file depending upon your requirement, which are mentioned below.
1. /etc/cron.allow
If it exists, a user must be listed in this file in order to use crontab.
2. /etc/cron.deny
If it exists, a user must not be listed in this file in order to user crontab.
Similary for “at” access control
, you can edit the following files depending upon your requirement
1. /etc/at.allow
Same as cron.allow, only for “at”.
2. /etc/at.deny
Same as cron.deny, only for “at”.