Results 1 to 4 of 4

Thread: Cron job 'permission denied'

  1. #1

    Default Cron job 'permission denied'


    After an upgrade to opensuse 11.3 from 11.2 it turns out that cron uses pam for authentication. Now I have one user 'mythtv' which does not have a login and is not part of the 'users' group. This user is being denied access (permission denied messages in /var/log/messages from crond).

    Now, I have been experimenting with the /etc/pam.d/crond config file. I wanted to use the pam_listfile module to grant access to this specific user without authentication. That however didn't work and I have now narrowed down the problem even more.

    When I use this for my crond file
    auth sufficient
    auth sufficinet
    I still get messages in /var/log/messages like this:

    Jan  5 13:05:01 shikra /usr/sbin/cron[11243]: pam_warn(crond:account): function=[pam_sm_acct_mgmt] service=[crond] terminal=[cron] user=[mythtv] ruser=[<unknown>] rhost=[<unknown>]
    I even tried removing the first entry in crond for
    and in that case even cron jobs from the root user fail. This is strange as should allow access no matter what.

    What could be the problem here?


  2. #2

    Default Re: Cron job 'permission denied'

    I have solved the problem. The idea was to use non-authenticated access so I had to use 'account' instead of 'auth' in the pam config file.

    My crond config file now looks like this:
    # The PAM configuration file for the cron daemon
    auth     sufficient
    account  sufficient item=user sense=allow file=/etc/cron.allow onerr=succeed
    #account   sufficient
    auth     include        common-auth
    account  include        common-account
    password include        common-password
    session  required
    session  include        common-session
    The only line added here is the rule. This one grants access to all users defined in the /etc/cron.allow file. I have added the mythtv user to that file and now my cron jobs are working again.

    Perhaps this extension would be useful to add in the standard distribution (or something like it) as it allows a bit more control over cron and is more in line with how it used to work.


  3. #3

    Default Re: Cron job 'permission denied'

    In fact, a similar issue occurs with mailman so I had to add the user to the /etc/cron.allow file as well.

    Also filed a bug for this:

  4. #4
    Join Date
    Jun 2008
    Earth - Denmark

    Default Re: Cron job 'permission denied'

    ErikEngerd wrote:

    > Also filed a bug

    good work!
    thanks for following through with the solution AND the bug!!

    CAVEAT: [posted via NNTP w/openSUSE 10.3]
    Programming: a race between software engineers building bigger/better
    idiot-proof programs, and the universe building bigger/better idiots.
    So far, the universe is winning. Rick Cook

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts