In the Oracle Linux documentation, why is there no mention of what happens when these cron files are empty?
by myjess from LinuxQuestions.org on (#6EVPK)
This may be a pedantic question, and I have asked it in the Oracle forum, but I thought I would cast my net wider.
In the Oracle Linux documentation, why is there no mention of what happens when these cron files are empty?
ie: Only root can use crontab.
Page 35:
https://docs.oracle.com/en/operating...MONITORING.pdf
"Controlling Access to Running cron Jobs
If permitted, users other than root can configure cron tasks by using the crontab
command. All user-defined crontab-format files are stored in the /var/spool/cron directory
with the same name as the users that created them.
root can use the /etc/cron.allow and /etc/cron.deny files to restrict access to cron.
crontab checks the access control files each time that a user tries to add or delete a cron
job. If /etc/cron.allow exists, only users listed in it are allowed to use cron, and /etc/
cron.deny is ignored. If /etc/cron.allow does not exist, users listed in /etc/cron.deny are
not allowed to use cron. If neither file exists, only root can use cron. The format of
both /etc/cron.allow and /etc/cron.deny is one user name on each line."
And it seems to be ditto for the at command.
Question that could be asked: iWhy not just delete these files.i
Answer that could be given: iI do not know the environment, there could be AIDE's or PenTesting that specifically looks for these files and if they are empty.i
Thank you.
In the Oracle Linux documentation, why is there no mention of what happens when these cron files are empty?
ie: Only root can use crontab.
Page 35:
https://docs.oracle.com/en/operating...MONITORING.pdf
"Controlling Access to Running cron Jobs
If permitted, users other than root can configure cron tasks by using the crontab
command. All user-defined crontab-format files are stored in the /var/spool/cron directory
with the same name as the users that created them.
root can use the /etc/cron.allow and /etc/cron.deny files to restrict access to cron.
crontab checks the access control files each time that a user tries to add or delete a cron
job. If /etc/cron.allow exists, only users listed in it are allowed to use cron, and /etc/
cron.deny is ignored. If /etc/cron.allow does not exist, users listed in /etc/cron.deny are
not allowed to use cron. If neither file exists, only root can use cron. The format of
both /etc/cron.allow and /etc/cron.deny is one user name on each line."
And it seems to be ditto for the at command.
Question that could be asked: iWhy not just delete these files.i
Answer that could be given: iI do not know the environment, there could be AIDE's or PenTesting that specifically looks for these files and if they are empty.i
Thank you.