In news:f416pb$emv$1@s1.news.oleane.net,
fabrice wrote:

> I would like to restrict acces to the crontab sytem only for root.
> I m working with a debian sarge.
> So i have created the /etc/cron.allow file with root inside.
> But it seems not to work, because each user can still create cron
> table.
>
> have i missed something ?

Does cron.deny exist? If so, remove it. Did you restart the cron daemon?

Hello,

cron.deny does not exist.
i have found the problem, but i m not sure to understand all the subtleties.

I have set the file permissions on 600 for /etc/cron.allow.
So when a user call the command crontab, the file /etc/cron.allow could not
be read.
By changing to 644, the file /etc/cron.allow works.

But i don't understand how the daemon cron works :
I have 3 questions (sorry )

1) It seems to run under root

ps aux | grep cron
root 13262 0.0 0.0 1764 820 ? Ss Jun04 0:00
/usr/sbin/cron

So why can't it read the /etc/cron.allow with file permission 600.

2) Is there a way to modify the default ebian behavior with cron.
I can understand that if /etc/cron.allow or /etc/cron.deny doesn't exist,
evevybody can use the crontab!
I prefer the policy : if they don't exist, only root can use crontab.
Can we change that ?

3/ What is the group crontab ?

thnaks a lot
fabrice




"Patrick" a écrit dans le message de news:
5ciuubF30nse3U1@mid.individual.net...
> In news:f416pb$emv$1@s1.news.oleane.net,
> fabrice wrote:
>
>> I would like to restrict acces to the crontab sytem only for root.
>> I m working with a debian sarge.
>> So i have created the /etc/cron.allow file with root inside.
>> But it seems not to work, because each user can still create cron
>> table.
>>
>> have i missed something ?
>
> Does cron.deny exist? If so, remove it. Did you restart the cron daemon?