Lab 013: Cron schedule deny to users
Lab 013: Cron schedule deny to users
Requirements
To stick with the security compliances, the Nautilus project team has decided to apply some restrictions on crontab access so that only allowed users can create/update the cron jobs. Limit crontab access to below specified users on App Server 1.
Allow crontab access to rose user and deny the same to ben user.
Note
This lab focuses on Cron Schedule deny to users configuration and management.
Prerequisites
- SSH access to the target server with root or sudo privileges.
- Required utilities and packages available.
Steps
Login to the app server and switch to root. For the server credentials, check out the Project Nautilus documentation.
sshpass -p '********' ssh -o StrictHostKeyChecking=no tony@172.16.238.10
sudo su -
********
Create the cron.allow file and add rose's name. Add ben's name to the cron.deny file.
echo "rose" >> /etc/cron.allow
echo "ben" >> /etc/cron.deny
To test, switch to user rose and test cron. Do the same for user ben.
su - rose
crontab -e
su - ben
crontab -e
Verification
- Confirm changes applied successfully.
- Verify configuration with appropriate show/list commands.
- Test functionality if applicable.