I want to run at least one cron job that does not require root or any other special privileges. I therefore want to create a user account (named "cronjobs") whose sole purpose is to run crontab entries.
What's the best way to do this to ensure the best security (at least on my Redhat9 system)?
(I'm sure this is a general faq asking about how to "lock down" accounts like this is general...but I could not find answers anywhere in my brief search.)
Here's what I've come up with thus far, as a cmdline procedure (run as root):
useradd -s /dev/null cronjobs
rm -rf /home/cronjobs
passwd -d cronjobs
echo 'DenyUsers cronjobs' >> /etc/ssh/sshd_config
service sshd reload
crontab -u cronjobs -e # Edit the crontab
Is this a valid approach? Am I missing anything?
Does the 'passwd -d' effectively deny any password-based logins? (The manpage on my RH9 system is a little ambiguous.)