Increase Server Security by Restricting Cron Jobs

Cron is one of the outstanding features in Linux and Unix-like operating systems that many system administrators love. It provides a full range of automation capabilities by allowing admins to schedule programs, scripts or other processes for any time of any day. Allowing other users to do this, however, can pose a security risk. Therefore, it is a good idea to restrict cron jobs to only the necessary users.

There are two files that provide cron access control: /etc/cron.allow and /etc/cron.deny.

If you have a specific user you do not want using cron, enter that user into /etc/cron.deny. On the other hand, you can disable all users by putting “ALL” in /etc/cron.deny and then whitelisting the ones you want to give access to in /etc/cron.allow.

Once a user is denied from crontab, he will not be able to set or modify cron jobs. However, if you set a cron job to run as that user, it will still work on that user’s behalf. This may be convenient if you want to give limited cron access, or if you have a control panel that will allow users to set cron jobs only for themselves through your administrative approval.
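
To check the result of the allow/deny setup described above, the following script (an added example, not part of the original article) models the decision crontab makes for a given user. It assumes the precedence documented in crontab(1) for cronie and Vixie cron, where cron.allow, when present, is the only file consulted; CRON_DIR and the function names are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: report whether a user may run crontab, based on
# cron.allow / cron.deny. Assumes cronie / Vixie cron precedence.
# CRON_DIR is a hypothetical override so a staged copy can be audited
# before it is installed in /etc. Special handling of root is not modelled.
CRON_DIR="${CRON_DIR:-/etc}"

# listed USER FILE: succeeds if USER appears as a whole line in FILE
listed() {
    grep -qxF -- "$1" "$2" 2>/dev/null
}

# cron_access USER: prints allowed, denied or site-default
cron_access() {
    user=$1
    allow="$CRON_DIR/cron.allow"
    deny="$CRON_DIR/cron.deny"
    if [ -f "$allow" ]; then
        # cron.allow exists: only listed users pass, cron.deny is not read
        if listed "$user" "$allow"; then echo allowed; else echo denied; fi
    elif [ -f "$deny" ]; then
        # only cron.deny exists: everyone passes except listed users
        if listed "$user" "$deny"; then echo denied; else echo allowed; fi
    else
        # neither file: the outcome depends on how the distribution built cron
        echo site-default
    fi
}

# audit_users PASSWD_FILE: one "user decision" line per account in a
# passwd-format file, to spot accounts that kept crontab access
audit_users() {
    cut -d: -f1 "$1" | while read -r u; do
        printf '%s %s\n' "$u" "$(cron_access "$u")"
    done
}

# Stand-alone use: ./cron_access.sh alice bob
for u in "$@"; do
    printf '%s %s\n' "$u" "$(cron_access "$u")"
done
```

Run `audit_users /etc/passwd` after changing either file to confirm that only the intended accounts report `allowed`.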