Most of the people use cron for scheduling tasks on hourly or daily basis. It is one of the very best tool which gives system administrators a lot of relief as computer can do their work when they are miles away from their systems.
Enabling/Disabling the cron for specific user is something which is not used by every person but could be useful for the system administrators or people who would like to put some restrictions on services which a normal user can use in a system.
By default in most of the Flavors of linux/unix, cron is enabled for all users.
Enable/Disable User Level Cron:
There are two files which works to enable/disable the cron for users .. /etc/cron.allow and /etc/cron.deny. There are two models one can use to give access. Either specifically allow or specifically deny. That totally depends on the requirement and personal choice.
If you want to specifically allow few people and deny rest all then you need to create a file /etc/cron.allow and put entries into that file for every user you would like to allow.
If you want to specifically deny specific user then you need to create a file /etc/cron.deny and put entries into that file for each user you would like to deny the access to cron.
So from the above points we got the logic how this thing works. When some user tries to user crontab, then access for that user is checked in this order:
If it is present then it is checked which all users is present in there. Anyone who is not present in cron.allow file will be denied by default. In this case cron.deny file is not checked.
Now there could be two cases:
/etc/cron.deny file present:
If this file is present then it’s checked whether there is any entry for the user in this file. If there is any then that user is not given access to cron and rest all will be given complete access.
/etc/cron.deny file absent:
If this file is also absent then all the users will be given access to the cron.
So now we know the flow
crontab —> /etc/cron.allow —> /etc/cron.deny
So, if cron.allow file is present the only user present in the cron.allow file will be given the access and then cron.deny file won’t be checked at all.