
Cron files /etc/at.allow and /etc/cron.allow files, root permission abnormal behaviour?


On my OpenVPN server, I am ensuring that the cron file permissions make them accessible only to the root user.

I have removed the at.deny and cron.deny files, created at.allow and cron.allow, and applied 0600 permissions to them. Both files are empty, and the file permissions are as below, which clearly shows that root has read and write access.

-rw------- 1 root root          0 Jul 21 08:40 cron.allow
-rw------- 1 root root          0 Jul 21 08:40 at.allow

However, this change still allows my openvpnas user to list the crontab and even to edit cron.

openvpnas@openvpnas2:~$ crontab -l
no crontab for openvpnas

Whereas when the file permissions are as below,

-rw-r--r-- 1 root root          0 Jul 21 08:41 cron.allow
-rw-r--r-- 1 root root          0 Jul 21 08:41 at.allow

it restricts my non-root users from accessing or editing cron files! This issue is only on one of my servers, whereas the other servers' permissions and behaviours are as expected.

openvpnas@openvpnas2:~$ crontab -l
You (openvpnas) are not allowed to use this program (crontab)
See crontab(1) for more information

Please provide your input on this; it has kept me blocked from continuing my work.


Solution

  • The issue I faced was on an Ubuntu 18.04 instance.

    The current /usr/bin/crontab permissions were as below:

    -rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab

    I had to change the group from crontab to root and the file permissions to those below:

    # chown first: on Linux, changing ownership clears the setuid bit, so set the mode afterwards
    sudo chown root:root /usr/bin/crontab
    sudo chmod 4755 /usr/bin/crontab
    
    -rwsr-xr-x 1 root root 39352 Nov 16  2017 /usr/bin/crontab
    

    This permission restricts non-root users from scheduling cron jobs. Access can be granted to non-root users by adding their user names to the cron.allow file.

    openvpnas@openvpnas2:~$ crontab -l
    You (openvpnas) are not allowed to use this program (crontab)
    See crontab(1) for more information
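
Both the behaviour in the question and the fix in the answer come down to whether the crontab process can read cron.allow. The check below is an added example, not part of the original post; it assumes (as the reported output suggests) that crontab treats an unreadable cron.allow as absent and that the file is owned by root, and the function names are hypothetical. It also covers the group-readable case (0640 with the binary's group), which the post does not show.

```shell
#!/bin/sh
# Added example, not from the original post. The sample modes are constructed
# from the listings on the page; function and verdict names are hypothetical.

# cron_allow_verdict BIN_MODE BIN_OWNER BIN_GROUP FILE_MODE FILE_GROUP
# Assumes cron.allow is owned by root and the caller is an ordinary user who
# is not otherwise a member of the file's group.
# Prints "enforced" if the crontab process can read cron.allow, else "ignored".
cron_allow_verdict() {
    bin_mode=$1; bin_owner=$2; bin_group=$3; file_mode=$4; file_group=$5

    # setuid-root binary: effective UID 0 reads the file whatever its mode.
    if [ $(( 0$bin_mode & 04000 )) -ne 0 ] && [ "$bin_owner" = root ]; then
        echo enforced; return 0
    fi
    # World-readable file: any caller can read it.
    if [ $(( 0$file_mode & 0004 )) -ne 0 ]; then
        echo enforced; return 0
    fi
    # setgid binary: readable only through a matching group with group-read set.
    if [ $(( 0$bin_mode & 02000 )) -ne 0 ] && [ "$bin_group" = "$file_group" ] \
       && [ $(( 0$file_mode & 0040 )) -ne 0 ]; then
        echo enforced; return 0
    fi
    echo ignored
}

# Audit this host when both files are present (GNU stat assumed).
audit_live() {
    bin=/usr/bin/crontab; allow=/etc/cron.allow
    [ -e "$bin" ] && [ -e "$allow" ] || { echo skipped; return 0; }
    cron_allow_verdict $(stat -c '%a %U %G' "$bin") $(stat -c '%a %G' "$allow")
}

echo "setgid crontab, 0600 root:root    -> $(cron_allow_verdict 2755 root crontab 600 root)"
echo "setgid crontab, 0644 root:root    -> $(cron_allow_verdict 2755 root crontab 644 root)"
echo "setuid root,    0600 root:root    -> $(cron_allow_verdict 4755 root root 600 root)"
echo "setgid crontab, 0640 root:crontab -> $(cron_allow_verdict 2755 root crontab 640 crontab)"
echo "this host                         -> $(audit_live)"
```

An "ignored" verdict means the allow list is not applied to non-root users; the same reasoning applies to at.allow and the at binary.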