>From vixie-cron misc.c source code version: misc.c,v 1.16 2004/01/23 18:56:43 >vixie
/* int allowed(const char *username, const char *allow_file, const char *deny_file) * returns TRUE if (allow_file exists and user is listed) * or (deny_file exists and user is NOT listed). * root is always allowed. */ So these two files are only used for user with uid <> 0. And if user is in both files, only cron.allow is checked first and gives the final result. This means for cron from paul: a) no files cron.allow, cron.deny: only root allowed b) user in cron.allow: user allowed, else not. c) no file cron.allow, but file cron.deny and user name not in this file: user allowed. Regards Tom Freundliche Grüsse Thomas Steudten Senior Database Engineer Centralschweizerische Kraftwerke AG Postfach Telefon +41 41 249 55 64 Telefax +41 41 249 52 77 E-Mail [email protected] Internet http://www.ckw.ch -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Alan McKinnon Gesendet: Mittwoch, 1. April 2009 22:35 An: [email protected] Betreff: Re: [lpi-examdev] cron.deny cron.allow On Wednesday 01 April 2009 19:08:23 G. Matthew Rice wrote: > <[email protected]> writes: > > What about /etc/cron.deny /etc/cron.allow? > > > > Sometimes it's not clear, what is valid right know. > > What, if a user is in both files? > > These are implicitly mentioned in 213.4: > > > https://group.lpi.org/publicwiki/bin/view/Examdev/LPIC-20x#213_4_Troublesho >oting_environmen > > Namely, "cron configuration files". However, in looking through the man > pages on my desktop, I can't find any mention of them in any of the man > pages. That's not good. So, I'll add the allow/deny files in the next > addendum, too. man 1 crontab, second para in DESCRIPTION section: If the cron.allow file exists, then you must be listed therein in order to be allowed to use this command. If the cron.allow file does not exist but the cron.deny file does exist, then you must not be listed in the cron.deny file in order to use this command. If neither of these files exists, only the super user will be allowed to use this command. This vixie-cron-4.1 and cron.allow takes precedence over cron.deny if both exist - the first sentence is always true without exception in the code. > > Depends this on version/ distro of cron? No, I have never seen a cron that does it any other way. There are other minor crons that might do it differently, but that's niche stuff. > If the major distros are all using vixie cron, it should be consistent. > > Can anyone confirm RH again? :) RH uses vixie-cron -- alan dot mckinnon at gmail dot com _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
