Find the answer to your Linux question:
Results 1 to 4 of 4
Hey all, I was reading up on Cron, and I understood that cron.allow is a whitelist and cron.deny is a blacklist. I assumed that a user listed in both lists ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2012
    Posts
    10

    What if a user is listed in both cron.allow and cron.deny?


    Hey all,

    I was reading up on Cron, and I understood that cron.allow is a whitelist and cron.deny is a blacklist. I assumed that a user listed in both lists would still be banned from using Cron, but apparently this is not the case. I couldn't find a definitive answer as to why, which is why I'm asking here. Is it just a matter of precedence?

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    what i've read seems to indicate is that if the user is listed in cron.deny, they cannot use cron, period.

    If the cron.allow file exists, only users whose login names appear in it can use the crontab command. The root user's log name must appear in the cron.allow file if the file exists. A system administrator can explicitly stop a user from using the crontab command by listing the user's login name in the cron.deny file. If only the cron.deny file exists, any user whose name does not appear in the file can use the crontab command.

    A user cannot use the crontab command if one of the following is true:

    The cron.allow file and the cron.deny file do not exist (allows root user only).
    The cron.allow file exists but the user's login name is not listed in it.
    The cron.deny file exists and the user's login name is listed in it.

    If neither the cron.allow nor the cron.deny file exists, only someone with root user authority can submit a job with the crontab command.

    Are you sure your cron is honoring those files? Do you see crond reading them in the cronlog?

  3. #3
    Just Joined!
    Join Date
    Oct 2012
    Location
    Fayetteville, AR
    Posts
    2
    My question is why would a user be in both lists? That aside, I would assume it would have to be the order in which the files are read. If the .deny file is read first and then .allow, the .allow would override. Just my $0.02.

  4. #4
    Just Joined!
    Join Date
    Jul 2012
    Posts
    10
    Thanks for your replies.

    I'm not experiencing the problem directly; it was more of a hypothetical question. The linux server I have access to isn't my own, and as a result I don't have root privileges. It doesn't have a cron.allow file, and so I can't see what actually happens.

    I suppose what actually happens depends on the configuration of the box, and the order that it reads the cron.* files.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •