Cron scripts security

Hello everyone,

I have an AIX 6.1 machine and I experienced a problem with my cron scripts. It appears that somebody renamed a cron script so crontab could not execute it.
Is there a way to put some security on cron scripts so nobody else except root can rename or delete a cron script? Or are they treated the same way as other files (access rights)?

Thank you

Hello,

In the case of AIX, you can decide whether or not a particular user should have access to crontab. For that you can edit the file named

  /var/adm/cron/cron.deny 

or

 /var/adm/cron/cron.allow 

As we can understand from the names themselves, the allow file will allow users and the deny file will deny users.

In this way you can manage which users can access the crontab entries.

Thanks,
R. Singh

Do I understand right, that the name of a script called by cron was changed?
The easiest way to protect them from renaming is to put all scripts called by cron into a directory owned by root and only give root any rights on that directory.

Well, actually this is useful to have a list of users who can access the crontab, but this is not my case.
The user who renamed the cron script didn't have access to the crontab. He just went to the directory where the cron script is located and renamed it.
I was wondering if there was any "special" way to handle access rights on cron scripts or if they are treated the same way as other scripts.
I guess that I should give specific access rights to root only or to the user that runs the cron scripts.

They are normal scripts - file access rights and directory permissions (file deletion!) apply.

As MadeInGermany stated, regular access controls apply.

So, simple ways to protect the directory are to 1) remove write permission on the directory and/or 2) add SVTX ( chmod g-w,o+t .../directoryname ) to the directory.

The script itself would be protected using the group/other write bits ( chmod og-w .../filename )
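As an added example (not part of any post in this thread), the shell function below audits a cron script for the two exposures discussed above: a directory that lets non-owners rename or delete the script, and a script file that non-owners can modify. It reads mode bits from `ls -ld`; the function names and the `OK`/`NOTE`/`FAIL`/`MISSING` labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit a cron script's file and directory permissions.
# Mode bits come from `ls -ld`, so no particular stat(1) flavour is assumed.

# Print the 10-character mode string of a path, e.g. drwxr-xr-x.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 if protected, 1 if exposed, 2 if the script is missing.
check_cron_script() {
    script=$1
    dir=$(dirname "$script")
    rc=0

    # A renamed or deleted script shows up here before cron fails on it.
    if [ ! -f "$script" ]; then
        echo "MISSING $script"
        return 2
    fi

    dmode=$(mode_of "$dir")
    fmode=$(mode_of "$script")

    # Rename and delete are writes to the directory, not to the file.
    # Columns 6 and 9 are the group and other write bits, column 10 holds t/T.
    if [ "$(echo "$dmode" | cut -c6)" = "w" ] || [ "$(echo "$dmode" | cut -c9)" = "w" ]; then
        case $(echo "$dmode" | cut -c10) in
            t|T) echo "NOTE $dir: writable by non-owners, sticky bit limits rename/delete to owners" ;;
            *)   echo "FAIL $dir: non-owners can rename or delete $script"; rc=1 ;;
        esac
    fi

    # Changes to the script's content are governed by the file's own write bits.
    if [ "$(echo "$fmode" | cut -c6)" = "w" ] || [ "$(echo "$fmode" | cut -c9)" = "w" ]; then
        echo "FAIL $script: group or other can modify the script"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK $script"; fi
    return $rc
}

# Stand-alone use: pass the path of a script referenced in the crontab.
if [ $# -gt 0 ]; then check_cron_script "$1"; fi
```

Running it for every script path listed in root's crontab gives a quick inventory of which jobs depend on directories that other users can write to.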

OK, thank you very much for your help and tips.