Operating System - HP-UX

Can normal users edit Crontab

 
Henry Chua
Super Advisor

Can normal users edit Crontab

Hi guys,

A query: except super users, can normal users edit the crontab? Can I assign rights to normal users to perform that? And if yes, how do I do that?

Thank you!!

regards..
15 REPLIES 15
Patrick Wallek
Honored Contributor

Re: Can normal users edit Crontab

Each user can edit his/her own crontab. You just need to edit /var/adm/cron.allow to allow them to run jobs.

If you are talking about them editing root's crontab, then no they can't, and I wouldn't want them to (would you want a user to randomly put something like 'shutdown -hy 0' in root's crontab? I think NOT!).

There are ways to allow that via things like sudo though.
Steven E. Protter
Exalted Contributor

Re: Can normal users edit Crontab

You probably could assign rights to the file that the root crontab stores its commands in.

This would be a terrible idea and security threat. The kind of idea that would cause you to flunk a security audit. Never, never, never give regular users root access except under controlled circumstances.

For example, the passwd command is a SUID command because the user needs to update a root-only file for writes, /etc/passwd.

To give users access to root cron would be like placing a "have an IT disaster here please" sign on your forehead.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Rashid Hamid
Regular Advisor

Re: Can normal users edit Crontab

Hi Henry

I think you can edit the cron.allow and cron.deny.

If only the cron.deny file exists, any user whose name does not appear in the file can use the crontab command.

A user cannot use the crontab command if one of the following is true:
1) The cron.allow file and cron.deny file do not exist (allows root user only)
2) The cron.allow file exists but the user's login name is not listed in cron.allow
3) The cron.deny file exists and the user's login name is listed in it

Rashid
I'm Parit Madirono/Parit Betak Boyz
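
The allow/deny rules listed in the post above, as an added shell example that is not part of the original thread. The directory default is the one named in a later reply; the user names and temporary directory are constructed, and ignoring cron.deny when cron.allow exists is an assumption taken from crontab(1).

```sh
#!/bin/sh
# Added example, not from the thread. Decides whether USER may run crontab
# from the cron.allow / cron.deny files in DIR.

listed() {  # true if $1 is a whole line of file $2
    grep -Fxq -- "$1" "$2" 2>/dev/null
}

cron_access() {  # usage: cron_access USER [DIR]
    user=$1
    dir=${2:-/usr/lib/cron}   # location named later in the thread
    if [ -f "$dir/cron.allow" ]; then
        # Assumption from crontab(1): cron.deny is ignored when cron.allow exists.
        if listed "$user" "$dir/cron.allow"; then
            echo "allowed: listed in cron.allow"; return 0
        fi
        echo "denied: cron.allow exists, user not listed"; return 1
    fi
    if [ -f "$dir/cron.deny" ]; then
        if listed "$user" "$dir/cron.deny"; then
            echo "denied: listed in cron.deny"; return 1
        fi
        echo "allowed: cron.deny exists, user not listed"; return 0
    fi
    if [ "$user" = root ]; then
        echo "allowed: no cron.allow or cron.deny, root only"; return 0
    fi
    echo "denied: no cron.allow or cron.deny, root only"; return 1
}

demo() {  # constructed sample: cron.allow lists one user, no cron.deny
    d=${TMPDIR:-/tmp}/cronacl.$$
    mkdir -p "$d" || return 0
    printf '%s\n' henry > "$d/cron.allow"    # constructed user name
    for u in henry hen guest; do
        printf '%-6s ' "$u"; cron_access "$u" "$d" || true
    done
    rm -rf "$d"
}
demo
```

A user who passes this check but still cannot save a crontab has a permission problem rather than an allow/deny problem.
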
Geoff Wild
Honored Contributor

Re: Can normal users edit Crontab

Yes - you have to add the users to /var/adm/cron.allow.

Then, they execute:

crontab -e

man cron for more info.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Henry Chua
Super Advisor

Re: Can normal users edit Crontab

Hi,

Thanks for the valuable input.
My system does not have a cron.deny file. I have added my username to the cron.allow file, but I was not able to write to crontab. Is there any explanation for this?

Thanks and regards
Nguyen Anh Tien
Honored Contributor

Re: Can normal users edit Crontab

If you list usernames in cron.allow, only these users can use cron. Others cannot.
When saving cron.allow, try to use "wq!" instead of "wq".
HP is simple
Sanjay Kumar Suri
Honored Contributor

Re: Can normal users edit Crontab

I hope you are using the command

crontab -e

for creating cron entries.

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
Ivajlo Yanakiev
Respected Contributor

Re: Can normal users edit Crontab

Did you restart crond after you changed the config files?

P.S.
Please send the exact error message.
Yogeeraj_1
Honored Contributor

Re: Can normal users edit Crontab

hi,

also check if the cron daemon is running!

ps -ef|grep cron

regards
Yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Ralph Grothe
Honored Contributor

Re: Can normal users edit Crontab

If you're nuts or you really know what you're doing nobody of course prevents you from giving world write permission to this file

# ll /var/spool/cron/crontabs/root
-r-------- 1 root sys 782 Jan 20 2004 /var/spool/cron/crontabs/root
Madness, thy name is system administration
Geoff Wild
Honored Contributor

Re: Can normal users edit Crontab

As root do:

crontab -e username

Does that work?

Save it, is it in:

/var/spool/cron/crontabs

cron.allow should be in:

/usr/lib/cron/

man crontab for more info

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Patrick Wallek
Honored Contributor

Re: Can normal users edit Crontab

1) Which crontab file were you trying to write to?

2) How were you editing it?

If you did something like 'vi /var/spool/cron/crontabs/root' as a normal user and tried to modify and save it, then it won't work. You'd have to modify the permissions of the file (which I would NOT recommend) to allow that.

If you do a 'crontab -e' as a normal user then you will edit YOUR OWN crontab file and NOT anyone else's.

What EXACTLY are you trying to accomplish? Whose crontab file do you want normal users to edit?
Henry Chua
Super Advisor

Re: Can normal users edit Crontab

Thanks for your valuable advice.

Actually, what I am trying to do is to add a cron job to my system. I have added my username to cron.allow, and there is no cron.deny file on my system.

However, when I tried
> crontab -e
and then tried to save the file with "wq!"

it prompted me this
"Cant create your crontab file in crontab directory"

May I know why this is happening?

thanks!!
Ivajlo Yanakiev
Respected Contributor

Re: Can normal users edit Crontab

Did you change the dir access using chmod?
Geoff Wild
Honored Contributor

Re: Can normal users edit Crontab

Did you try it as root?

crontab -e yourid

What is the permission of

/usr/bin/crontab

Should be:
-r-sr-xr-x 1 root bin 24576 Nov 14 2000 /usr/bin/crontab


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
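
The permission checks suggested across the replies above, as an added shell example that is not part of the original thread: the crontab binary should be setuid root and no crontab file should be writable by group or others. The default paths are the ones quoted in the thread; the function names and the demo files are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Read-only permission checks for the
# files discussed above; run as root to see every crontab.

owner_of() { ls -ld "$1" | awk '{print $3}'; }

# True if FILE is executable, has the setuid bit and belongs to OWNER
# (default root), as in the "-r-sr-xr-x 1 root bin" listing above.
setuid_owned_by() {
    [ -x "$1" ] && [ -u "$1" ] && [ "$(owner_of "$1")" = "${2:-root}" ]
}

# Print crontab files in DIR that group or others can write to.
# The root crontab shown in the thread is -r--------, so nothing should print.
loose_crontabs() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

audit() {  # usage: audit [CRONTAB_BINARY] [SPOOL_DIR]
    bin=${1:-/usr/bin/crontab}
    spool=${2:-/var/spool/cron/crontabs}
    rc=0
    if ! setuid_owned_by "$bin"; then
        echo "FAIL $bin is not setuid root"; rc=1
    fi
    [ -d "$spool" ] || { echo "FAIL $spool is missing"; rc=1; }
    loose=$(loose_crontabs "$spool")
    if [ -n "$loose" ]; then
        echo "FAIL writable by group/other:"; echo "$loose"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $bin and $spool"
    return "$rc"
}

demo() {  # constructed files standing in for the real paths
    d=${TMPDIR:-/tmp}/cronperm.$$
    mkdir -p "$d/spool" || return 0
    : > "$d/crontab"; chmod 4555 "$d/crontab"
    : > "$d/spool/root"; chmod 0666 "$d/spool/root"   # world-writable case
    setuid_owned_by "$d/crontab" "$(owner_of "$d/crontab")" && echo "setuid ok"
    loose_crontabs "$d/spool"
    rm -rf "$d"
}
demo
```

Calling `audit` with no arguments as root checks the real paths from the thread and returns non-zero if either check fails.
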