Linux 101: How to block users from setting up their own cron jobs
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
You’re a new Linux admin and you’re familiar with how cron works. You’ve been tasked with hardening your Linux servers and one thing you’d like to do is prevent users from setting up their own cron jobs. After all, shouldn’t that task fall into your hands?
You certainly don’t want users creating regularly scheduled jobs that could compromise the integrity of your server. What do you do? You block users from creating cron jobs. Believe it or not, this is surprisingly easy to take care of.
Let me show you how.
Log in to your Linux server. First, we’re going to allow cron usage for all required users so that the server can function properly. Let’s keep that list to a minimum, so maybe root and your admin user.
Create the new allow file with the command:
sudo nano /etc/cron.allow
In that new file, add the user root on the first line and your admin username on the second line. Once you’ve done that, save and close the file.
At this point, root and your admin username have permission to use cron, but no one is blocked. Let’s take care of that by blocking all other users.
For that, create the deny file with the command:
sudo nano /etc/cron.deny
In that file add ALL to the first line. Save and close the file. Now, only the two users you’ve specified in the allow file can use cron. You don’t have to block users with ALL. If you want to block specific users, simply add their usernames, one per line, in the deny file.
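As an added example (not from the original article), the shell functions below model the precedence documented in crontab(1): when /etc/cron.allow exists, only users listed in it may use crontab and /etc/cron.deny is not consulted; the deny file applies only when there is no allow file. The temporary files and the usernames admin and alice are constructed for illustration.

```shell
#!/bin/sh
# Added example: models the allow/deny precedence documented in crontab(1).
# Each line of either file is compared as a literal username; any special
# keyword handling in a particular cron build is not modelled.

# cron_access USER ALLOW_FILE DENY_FILE -> prints allowed | denied | site-default
cron_access() {
    if [ -e "$2" ]; then
        # cron.allow exists: the user must be listed; cron.deny is not consulted.
        if grep -qxF -- "$1" "$2"; then echo allowed; else echo denied; fi
    elif [ -e "$3" ]; then
        # Only cron.deny exists: the user must not be listed in it.
        if grep -qxF -- "$1" "$3"; then echo denied; else echo allowed; fi
    else
        # Neither file exists: the result depends on how the cron package was built.
        echo site-default
    fi
}

# audit_users ALLOW_FILE DENY_FILE USER... -> one "user: verdict" line per user
audit_users() {
    allow=$1
    deny=$2
    shift 2
    for u in "$@"; do
        printf '%s: %s\n' "$u" "$(cron_access "$u" "$allow" "$deny")"
    done
}

# Constructed sample files mirroring the setup in the article.
# "admin" and "alice" are placeholder usernames.
demo_dir=$(mktemp -d)
printf 'root\nadmin\n' > "$demo_dir/cron.allow"
printf 'ALL\n' > "$demo_dir/cron.deny"
audit_users "$demo_dir/cron.allow" "$demo_dir/cron.deny" root admin alice
```

To audit a live server, pass /etc/cron.allow and /etc/cron.deny along with the account names you want to check.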
And that’s all there is to blocking users from setting up their own cron jobs in Linux. Enjoy that newfound security.