Re: providing crontab access for a user by sudo (367 Views)
Reply
Regular Advisor
gany59
Posts: 291
Registered: ‎06-17-2009
Message 1 of 5 (367 Views)

providing crontab access for a user by sudo

I want to give the permission to run the crontab command for the user called naraguna. So the below line is correct for putting the entry in the /etc/sudoers file.

naraguna ALL=(root)NOPASSWD:/usr/bin/crontab

Correct me if i am wrong.. Thanks in advance!
Honored Contributor
Johnson Punniyalingam
Posts: 2,246
Registered: ‎09-22-2008
Message 2 of 5 (367 Views)

Re: providing crontab access for a user by sudo

see below has example


user1 ALL = NOPASSWD:/housekeep/scripts/wintel/cleanup
Problems are common to all, but attitude makes the difference
Regular Advisor
gany59
Posts: 291
Registered: ‎06-17-2009
Message 3 of 5 (367 Views)

Re: providing crontab access for a user by sudo

can i know what is the meaning of ALL.

and i some forums i have seen the % symbol in front of the user name in /etc/sudoers file. what might be the reason for that. Please clarify Johnson..

Thanks!
Simhan
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 4 of 5 (367 Views)

Re: providing crontab access for a user by sudo

The word ALL before the = sign in the examples above means the sudoers line is in effect in all hosts that have it in their sudoers file.

If you choose to manage your sudoers file centrally, and use the same file in many hosts, you can use host names in that place to create sudoers definitions that apply in some specific hosts.

The % sign in front of a name means it's a group name, not an user name.

MK
MK
Honored Contributor
Ralph Grothe
Posts: 2,631
Registered: ‎04-09-2000
Message 5 of 5 (367 Views)

Re: providing crontab access for a user by sudo

> naraguna ALL=(root)NOPASSWD:/usr/bin/crontab

Is that really your intention?
Consider that thus user naraguna is allowed to edit root's crontab, enabling them to schedule any (possibly nefarious) script or program to be executed as root.
If instead it was only intended for naraguna to peek into root's scheduled cronjobs, it maybe would be wiser to change the sudoers line into:

naraguna ALL = NOPASSWD /usr/bin/crontab -l
Madness, thy name is system administration
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.