You are currently viewing Enhancing Security by Restricting Crontab Access

Enhancing Security by Restricting Crontab Access

One of the key aspects of ensuring robust security practices on systems is restricting crontab access, and only giving access to trusted persons. A cron is a time-based job scheduler in Linux operating systems used to automate backups, make desired updates and installations, and general system maintenance. Two types of access restrictions are involved.

1. Allow access to specified users

Having created a team on Linux systems, there is a great need to give only designated users access to some services. In a previous guide, we covered How to create a user in Linux. To allow access to a user;

echo "username" | sudo tee -a /etc/cron.allow   #replace username with the name of the user

2. Deny Access to Unauthorized Users

To deny access to some users:

echo "username" | sudo tee -a /etc/cron.deny #replace username with an existing user

Having made the above updates, ensure to update the cron file permission and ownership. The root user should own the files, and you should restrict the files to permission 644.

sudo chown root:root /etc/cron.allow /etc/cron.deny
sudo chmod 644 /etc/cron.allow /etc/cron.deny

The changes will take effect the next time you restart the cron daemon or when a user creates/edits a new crontab job. We recommend testing the changes in a non-production environment before applying them to a production system.

How to restart the Cron Daemon

Once you configure the controls, restart the cron daemon to apply the changes.

sudo systemctl restart cron  #For systems using systemd
sudo service cron restart  #For systems using init.d

Besides restricting crontab access, see a list of some other security measures that you can apply to a system to enhance its security posture:

  1. Firewall Configuration
  2. Regular Software Updates
  3. User Authentication and Authorization
  4. Intrusion Detection and Prevention Systems (IDS/IPS)
  5. Filesystem Permissions
  6. Backup and Disaster Recovery
  7. Disable Unnecessary Services
  8. Secure Remote Access

Make a donation to support us

For web development services, SEO services, Digital marketing strategies, website set up services, web hosting and domain registration; contact Dynamic Technologies.

Related articles: