Lab Information
In alignment with security compliance standards, the Nautilus project team has opted to impose restrictions on crontab access. Specifically, only designated users will be permitted to create or update cron jobs.
Configure crontab access on App Server 3 as follows: Allow crontab access to the kareem user while denying access to the jerome user.
Lab Solutions
Part 1: Lab Step-by-Step Guidelines
Step 1: Log in to Jump Host
ssh thor@jump_host.stratos.xfusioncorp.com
Password:
mjolnir123
Step 2: SSH into App Server 3
ssh banner@stapp03.stratos.xfusioncorp.com
Password:
BigGr33n
Step 3: Switch to root
sudo -i
Configure Cron Access Control
Linux controls cron access using two files:
/etc/cron.allow
/etc/cron.deny
If /etc/cron.allow exists → only users listed inside it can use crontab. Linux interprets each line as:
"This is a system user allowed to use crontab."
Step 4: Create or Edit cron.allow
echo kareem > /etc/cron.allow
This ensures only kareem can use crontab.
Step 5: Verify configuration
cat /etc/cron.allow
Expected output:
kareem
Final Checklist
Executed on App Server 3 only
/etc/cron.allow exists
Contains only kareem
jerome not listed
Verified successfully
Part 2: Simple Step-by-Step Explanation (Beginner Friendly)
How does cron permission work?
Linux checks:
/etc/cron.allow
/etc/cron.deny
Rules:
If cron.allow exists → only listed users can use cron.
If it doesn't exist → system checks cron.deny.
Why create cron.allow?
Because we want:
kareem → allowed
jerome → denied
The easiest and most secure way is:
cron.allow → contains only kareem
Now:
kareem can create crontab
jerome cannot
Why not just use cron.deny?
Because deny files are less strict.
Allow-listing is more secure than block-listing.
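The two rules above, written as a check that can be run against the files on the server to confirm both halves of the task (kareem allowed, jerome denied). This is an added example, not part of the original lab solution; the function names `listed` and `cron_access` and the `unspecified` result are illustrative, and the sample files are constructed. When neither file exists the outcome depends on the cron implementation, so the script reports that instead of guessing.

```shell
#!/bin/sh
# Added example: evaluate crontab access for a user from the allow/deny files.
# File paths are parameters so the check can also run against copies.

# listed USER FILE -> exit status 0 if USER is a whole line of FILE
listed() {
    # -x: match the whole line, -F: literal string, -q: no output
    grep -qxF -- "$1" "$2"
}

# cron_access USER [ALLOW_FILE] [DENY_FILE] -> prints allowed|denied|unspecified
cron_access() {
    user=$1
    allow=${2:-/etc/cron.allow}
    deny=${3:-/etc/cron.deny}
    if [ -e "$allow" ]; then
        # Rule 1: cron.allow exists, so only listed users may use crontab
        # and cron.deny is not consulted at all.
        if listed "$user" "$allow"; then echo allowed; else echo denied; fi
    elif [ -e "$deny" ]; then
        # Rule 2: no cron.allow, so everyone not listed in cron.deny may.
        if listed "$user" "$deny"; then echo denied; else echo allowed; fi
    else
        # Neither file: implementation-dependent, reported as such.
        echo unspecified
    fi
}

# Constructed sample files mirroring the lab: the allow-list holds only kareem.
demo=$(mktemp -d)
printf 'kareem\n' > "$demo/cron.allow"
printf 'jerome\n' > "$demo/cron.deny"
for u in kareem jerome banner; do
    printf 'allow-list in place:  %s -> %s\n' "$u" \
        "$(cron_access "$u" "$demo/cron.allow" "$demo/cron.deny")"
    # Same users with only the deny file present: unlisted users get through.
    printf 'deny-list only:       %s -> %s\n' "$u" \
        "$(cron_access "$u" "$demo/missing" "$demo/cron.deny")"
done
rm -rf "$demo"
```

On the server itself, `cron_access kareem` and `cron_access jerome` with no file arguments read /etc/cron.allow and /etc/cron.deny directly.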
Real-World Context
In enterprise systems:
Only trusted automation users get cron access
Regular users are restricted
Allow-list model is considered more secure