LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-19-2014, 05:39 PM   #1
sundog932
LQ Newbie
 
Registered: Dec 2014
Posts: 2

Rep: Reputation: Disabled
Appropriate user to run cron jobs


Hello. I am transitioning from a system that used Solaris to one that uses a Linux flavor (CentOS). For the Solaris system, I was not an administrator, but will be for the Linux system. In order to run cron jobs, our users had to "su" to a role (not account) that was set-up to run cron jobs. Individual accounts were not permitted to run cron jobs, one reason being if someone left, the system continued to run after the account was disabled.

What is the similar paradigm in Linux? Do I create a no login user/no ssh user, where users can only "su" to this account? Something else? Thanks.
 
Old 12-19-2014, 05:41 PM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,362

Rep: Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004
It's up to you. Personally, I let my users set up cron jobs on their own accounts, I really don't see the harm in it. If you're going to go to the trouble of disabling the user's account when they leave, why not just comment out their cron entries at the same time? It takes all of five seconds. I assume you would be commenting out their entries on this dedicated cron account anyway, right? So what's the difference?

Going through the hassle of setting up a dedicated user just for running cron jobs, and the hassle of your users having to use this special account for all cron jobs (what if they need a job run in their home directory? Aren't permissions a nightmare?) just seems like a roundabout "solution" to a non-existent problem to me. *shrug*

Last edited by suicidaleggroll; 12-19-2014 at 05:44 PM.
 
Old 12-20-2014, 05:38 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,691

Rep: Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264Reputation: 2264
Hello.
 
Old 12-28-2014, 12:35 PM   #4
sundog932
LQ Newbie
 
Registered: Dec 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thank you for the response. This answered my question, in that there doesn't appear to be a best practice.
 
Old 12-28-2014, 01:03 PM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
In this particular case "best practice" is what the site decides.

In one instance where I worked, there was a designated production user. The account itself couldn't be logged in, BUT staff users that were authorized to use the account could get logged by first authenticating via Kerberos, then they could their personal credentials to remotely login to the account.

In this way, we had control over the account, and audit logs of who, when, and from where, they logged in. Without Kerberos, there is no auditing of who is getting logged in. sudo can SORT of do it, but not all information can be recorded (specifically, the "from where").

ssh logins using RSA can also sort of do it... but it then depends on the security of the users workstation to protect the private keys...

Last edited by jpollard; 12-28-2014 at 01:05 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] What happens to cron jobs scheduled to run when the PC is suspended? bonixavier Slackware 5 04-08-2011 12:52 AM
User Cron Jobs Won't Run - Pulling Hair Out rhugga Linux - Enterprise 2 08-06-2007 12:52 AM
How to run jobs in /etc/cron.daily? Micro420 Linux - Newbie 4 10-19-2006 03:07 PM
Can't run cron jobs as user, only root Kropotkin Linux - Newbie 5 11-10-2004 10:30 AM
Cron jobs, will they run when not logged in? nextekcarl Linux - General 18 03-30-2004 11:28 AM


All times are GMT -5. The time now is 08:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration