Manage cron access in Ubuntu

In this article, we would cover how we can manage cron access in Ubuntu. If you want to know – How to schedule tasks with cron in Ubuntu then, follow the article here. Here, we would specifically deal with – how we can allow or deny certain users the access to cron.

With the help of cron daemon, we can schedule tasks at specific time and frequency. If any user wishes to execute a particular task then he/she has to access the crontab file. A crontab file contains a list of commands along with the frequency at which the commands are to be executed.

It is worth mentioning here that, the crontab file would be different for different users. That is, when we use the following command – it doesn’t mean that user gets the access to a common file shared between users.

crontab -e

So, from here we know that the crontab file is unique to all users. But, can we limit or deny a users’ access to cron?┬áThe answer is Yes we can and how we are about to achieve it will be discussed next.

Note: Following operations would require you to have superuser privileges. In case you don’t have one then, we advise you to contact your System Administrator for assistance.

Manage cron access in Ubuntu

There are mainly two files in /etc/ directory to manage a users’ access to cron daemon.

I. /etc/cron.allow, if the file is exists then to access the crontab command-line utility – the associated <username> has to be there (one <user_name> per line). If the file exists and <username> isn’t there then, the user won’t get the access to crontab file. Even if the user tries to list the contents of crontab file through –

crontab -l

It would throw an error –

You (<user_name>) are not allowed to use this program (crontab)

II. The second file is – /etc/cron.deny, If in case the cron.allow file doesn’t exist. Then, the <username> should be there in the cron.deny file. If its there then also, a user is denied the access.

III. If none of the file exists then, all users have the access to cron.

IV. But, what if both the files i.e. /etc/cron.allow and /etc/cron.deny exists. Then, /etc/cron.allow supersedes /etc/cron.deny. Which means, the <user_name> must be there in /etc/cron.allow to have the access. If the <user_name> isn’t there then, irrespective of whether there is an entry in /etc/cron.deny file – the user cannot have access to cron.

In conclusion, we can easily manage a users’ access to cron in Ubuntu through two files – /etc/cron.allow and /etc/cron.deny.