Puppet Class: lsys::hardening::cron

Defined in:
manifests/hardening/cron.pp

Summary

Allow to use crontabs to specified user

Overview

Running cron jobs can be allowed or disallowed for different users. For this purpose, use the cron.allow and cron.deny files. If the cron.allow file exists, a user must be listed in it to be allowed to use cron. If the cron.allow file does not exist but the cron.deny file does exist, then a user must not be listed in the cron.deny file in order to use cron. If neither of these files exists, only the super user is allowed to use cron.

Examples:

include lsys::hardening::cron

Parameters:

  • users_allow (Array[String]) (defaults to: ['root']) 


15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'manifests/hardening/cron.pp', line 15

class lsys::hardening::cron (
  Array[String] $users_allow = ['root'],
) {
  $content = join($users_allow, "\n")

  file { '/etc/cron.allow':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0640',
    content => "${content}\n",
  }

  file { '/etc/cron.deny':
    ensure => absent,
  }
}