Question : In alignment with security compliance standards, the Nautilus project team has opted to impose restrictions on crontab access. Specifically, only designated users will be permitted to create or update cron jobs
Configure crontab access on App Server 3 as follows: Allow crontab access to siva user while denying access to the ryan user.
Please Note :- Perform the below commands based on your question server, user name & other details might differ . So please read task carefully before executing. All the Best 👍
Solution:
1. Login on app server as per the given in your task and switch to sudo
hor@jumphost ~$ ssh banner@stapp03 The authenticity of host 'stapp03 (172.16.238.12)' can't be established. ED25519 key fingerprint is SHA256:qcSAnkD0oR3MQ6wm1vLq4iihrGcef2exSsHVaTHkOCU. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'stapp03' (ED25519) to the list of known hosts. banner@stapp03's password: [banner@stapp03 ~]$ sudo su - We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for banner: [root@stapp03 ~]# |
2. Cron.allow & cron deny files not exist we need to create it
[root@stapp03 ~]# ls /etc/cron* /etc/crontab /etc/cron.d: 0hourly /etc/cron.daily: /etc/cron.hourly: 0anacron /etc/cron.monthly: /etc/cron.weekly: [root@stapp03 ~]# [root@stapp03 ~]# echo siva >> /etc/cron.allow [root@stapp03 ~]# echo ryan >> /etc/cron.deny [root@stapp03 ~]# [root@stapp03 ~]# cat /etc/cron.allow siva [root@stapp03 ~]# cat /etc/cron.deny ryan [root@stapp03 ~]# |
3. Restart and check status of crond.service.
[root@stapp03 ~]# systemctl restart crond.service && systemctl status crond.service ● crond.service - Command Scheduler Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; preset: enabled) Active: active (running) since Sat 2025-08-02 09:40:46 UTC; 49ms ago Main PID: 2266 (crond) Tasks: 1 (limit: 411434) Memory: 1012.0K CGroup: /docker/ad5fbc21be2bc4f33ee6fcdf77e1570b2431419c16054df3f185f127a39de3fb/system.slice/crond.service └─2266 /usr/sbin/crond -n Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com systemd[1]: crond.service: Changed dead -> running Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com systemd[1]: crond.service: Job 328 crond.service/start finished, result=done Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com systemd[1]: Started Command Scheduler. Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com systemd[2266]: crond.service: Executing: /usr/sbin/crond -n Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com systemd[1]: crond.service: Failed to send unit change signal for crond.service: Connection reset by peer Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com crond[2266]: (CRON) STARTUP (1.5.7) Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com crond[2266]: (CRON) INFO (Syslog will be used instead of sendmail.) Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com crond[2266]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 63% if used.) Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com crond[2266]: (CRON) INFO (running with inotify support) Aug 02 09:40:46 stapp03.stratos.xfusioncorp.com crond[2266]: (CRON) INFO (@reboot jobs will be run at computer's startup.) [root@stapp03 ~]# |
4. Validate the task by switching the user
[root@stapp03 ~]# su siva [siva@stapp03 root]$ crontab -l no crontab for siva [siva@stapp03 root]$ exit [root@stapp03 ~]# su ryan [ryan@stapp03 root]$ crontab -l You (ryan) are not allowed to use this program (crontab) See crontab(1) for more information [ryan@stapp03 root]$ |
5. Click on Finish & Confirm to complete the task successful
Happy Learning!!!!
0 Comments