Control who can use the crontab utility by listing allowed users in a single system file. 01.02.2026 | reading time: 2 min Cron by default lets any user install personal crontabs unless the administrator restricts access; the simplest restriction is to create "/etc/cron.allow" and list only the users who may use the crontab command. Hands-on example Do this as root to allow only user alice to use crontab, then observe the result for alice and bob: ``` # as root echo "alice" > /etc/cron.allow ls -l /etc/cron.allow # as alice su - alice -c "crontab -l" # as bob su - bob -c "crontab -l" ``` Typical output you will see is: ``` -rw-r--r-- 1 root root 6 /etc/cron.allow no crontab for alice You (bob) are not allowed to use this program (crontab) ``` What else matters A few concrete notes to act on: when "/etc/cron.allow" exists, cron ignores "/etc/cron.deny" and permits only listed users; entries must match usernames exactly and may be one per line; file ownership and permissions should keep it root-owned and readable; system crontabs in "/etc/crontab" and "/etc/cron.d" are unaffected because they are managed by the administrator, not by user crontab rules. Edge cases and tips Behavior for the root account and some cron implementations varies, so if you rely on a strict allowlist add root explicitly or manage scheduled tasks via system crontabs; remember some systems use different cron packages or additional access controls, so test the exact message from `crontab` on your distribution after changing the allow file. Alternatives to consider If you need per-service scheduling, prefer systemd timers for better unit control and logging, or use anacron for machines that sleep; for fine-grained delegation keep user lists small and document who may add jobs to the system crontab. Final thought A small text file in "/etc" can harden scheduling quickly; start restricting who can run crontab today and learn the implications for automation and auditing. Join Bits & Bytes Academy First class LINUX exam preparation. security utilities scripting
