Problem with cron.allow - Security

This is a discussion on Problem with cron.allow - Security ; Hello, I would like to restrict acces to the crontab sytem only for root. I m working with a debian sarge. So i have created the /etc/cron.allow file with root inside. But it seems not to work, because each user ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Problem with cron.allow

  1. Problem with cron.allow

    Hello,

    I would like to restrict acces to the crontab sytem only for root.
    I m working with a debian sarge.
    So i have created the /etc/cron.allow file with root inside.
    But it seems not to work, because each user can still create cron table.

    have i missed something ?

    thanks.
    fab



  2. Re: Problem with cron.allow

    In news:f416pb$emv$1@s1.news.oleane.net,
    fabrice wrote:

    > I would like to restrict acces to the crontab sytem only for root.
    > I m working with a debian sarge.
    > So i have created the /etc/cron.allow file with root inside.
    > But it seems not to work, because each user can still create cron
    > table.
    >
    > have i missed something ?


    Does cron.deny exist? If so, remove it. Did you restart the cron daemon?

  3. Re: Problem with cron.allow

    Hello,

    cron.deny does not exist.
    i have found the problem, but i m not sure to understand all the subtleties.

    I have set the file permissions on 600 for /etc/cron.allow.
    So when a user call the command crontab, the file /etc/cron.allow could not
    be read.
    By changing to 644, the file /etc/cron.allow works.

    But i don't understand how the daemon cron works :
    I have 3 questions (sorry )

    1) It seems to run under root

    ps aux | grep cron
    root 13262 0.0 0.0 1764 820 ? Ss Jun04 0:00
    /usr/sbin/cron

    So why can't it read the /etc/cron.allow with file permission 600.

    2) Is there a way to modify the default ebian behavior with cron.
    I can understand that if /etc/cron.allow or /etc/cron.deny doesn't exist,
    evevybody can use the crontab!
    I prefer the policy : if they don't exist, only root can use crontab.
    Can we change that ?

    3/ What is the group crontab ?

    thnaks a lot
    fabrice




    "Patrick" a écrit dans le message de news:
    5ciuubF30nse3U1@mid.individual.net...
    > In news:f416pb$emv$1@s1.news.oleane.net,
    > fabrice wrote:
    >
    >> I would like to restrict acces to the crontab sytem only for root.
    >> I m working with a debian sarge.
    >> So i have created the /etc/cron.allow file with root inside.
    >> But it seems not to work, because each user can still create cron
    >> table.
    >>
    >> have i missed something ?

    >
    > Does cron.deny exist? If so, remove it. Did you restart the cron daemon?




+ Reply to Thread