I have an AIX 6.1 machine and i experienced a problem with my cron scripts. It appears that somebody renamed a cron script so crontab could not execute it.
Is there a way to put some security on cron scripts so nobody else except root can rename or delete a cron script? Or they are treated the same way with other files (access rights)?
Do I understand right, that the name of a script called by cron was changed?
The easiest way to protect them from renaming is to put all scripts called by cron into a directory owned by root and only give root any rights on that directory.
well actually this is useful to have a list of users who can access the crontab but this is not my case.
the user who renamed the cron script didnt have access to the crontab. he just went to the directory that the cron script is located and renamed it.
i was wondering if there was any "special" way to handle access rights on cron scripts or if they are treated the same way with other scripts.
i guess that i should give specific access rights to root only or to the user that runs the cron scripts.
As MadeInGermany stated, regular access controls apply.
So, simple ways to protect directory is to 1) remove write permission to directory and/or add STVX ( chmod g-w,o+t .../directoryname ) to the directory.
The script itself would be protected using the group/other write bits ( chmod og-w .../filename )