To restrict the usage of the at and cron commands to authorized users on Linux/UNIX systems, you can use the following steps:
- Create a group for authorized users:
sudo groupadd atcronusers
- Add the authorized users to the group:
sudo usermod -a -G atcronusers user1
sudo usermod -a -G atcronusers user2
...
- Modify the permissions of the
atandcroncommands:sudo chown root:atcronusers /usr/bin/at
sudo chmod 750 /usr/bin/atsudo chown root:atcronusers /usr/bin/crontab
sudo chmod 750 /usr/bin/crontab
These commands set the group ownership of the
atandcroncommands toatcronusersand set the permissions so that only the root user and members of theatcronusersgroup can execute them. - Edit the
/etc/at.allowand/etc/cron.allowfiles to include the names of the authorized users or group:/etc/at.allow
atcronusers
/etc/cron.allow
atcronusers
These files allow only the users or group listed in them to use the
atandcroncommands. - Optionally, you can also edit the
/etc/at.denyand/etc/cron.denyfiles to deny access to specific users or groups:/etc/at.deny
user3
/etc/cron.deny
user3
These files deny access to the users or group listed in them.
Note that if the at.deny or cron.deny files exist, only users not listed in these files are allowed to use at or cron. If neither allow nor deny files exist, access to at and cron is granted to all users.
After completing these steps, only the authorized users or group will be able to use the at and cron commands on the system.