3

I want to allow non-root users to create periodic tasks but I don't want to indirectly give them root access by giving them access to crontab. Is there any alternative for them to create cron tasks that have no root access?

I could create a script myself in crontab that checks all the user home folders and runs crontab-like file that they provide with their user permissions. But... this would be basically reinventing crontab and I'm sure my implementation would be prone to security issues.

Is there a way to do this without reinventing the wheel? it is very strange that Linux doesn't provide this mechanism already.

Improve this question
2
  • 2
    Why do you think giving them access to crontab would indirectly give them root access? Is there some reason to think cron is sufficiently faulty/insecure enough, regardless of it being used for years and years on lots and lots of systems?
    – ilkkachu
    Commented Aug 19, 2021 at 20:49
  • Are you on a system where user-specific crontabs exist? If so, why are those not sufficient?
    – jwodder
    Commented Aug 19, 2021 at 20:52

2 Answers 2

Reset to default
6

By default, every user can have a crontab created. All the user needs is to be able to login to the system via ssh. After the user is logged in, all they have to do is

crontab -e

And this will open a crontab file for them to populate. After the user is done with the crontab, the file is saved in /var/spool/cron/* for each user.

Scheduled jobs will be run as the user, with the user's permissions not as root.

If you'd like to create crontabs for different users, you could create them yourself for every user and later inspect them. The users do not need root access for this

On a RHEL system, crontab for user joe will have the path /var/spool/cron/joe

Improve this answer
0

On many Linux systems, each user has eir own cron table which ey can manage by using the crontab command; it will not execute with root's permissions, but rather eir own.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.