I have two users: user1 and user2
user1 is added to /etc/cron.allow
But when I run crontab with the -u option, I get :
user1@hostname:~$ crontab -l -u user2
must be privileged to use -
Is it possible to grant this crontab -u permissions for a user without giving him sudo rights?
You can grant sudo access to just that particular command. For example, the following rule...
testuser1 ALL=(ALL) NOPASSWD: /usr/bin/crontab -l -u *
Would let testuser run crontab -l -u <someuser>. E.g, these all work:
[testuser1@fedora ~]$ sudo crontab -l -u testuser1
no crontab for testuser1
[testuser1@fedora ~]$ sudo crontab -l -u testuser2
no crontab for testuser2
[testuser1@fedora ~]$ sudo crontab -l -u root
no crontab for root
But other commands fail:
[testuser1@fedora ~]$ sudo crontab -l
[sudo] password for testuser1:
Sorry, user testuser1 is not allowed to execute '/usr/bin/crontab -l' as root on fedora.
[testuser1@fedora ~]$ sudo date
[sudo] password for testuser1:
Sorry, user testuser1 is not allowed to execute '/usr/bin/date' as root on fedora.
Etc.
To grant these permissions to multiple users, consider creating a group (e.g., cronpeople), and then using that in your sudoers configuration:
%cronpeople ALL=(ALL) NOPASSWD: /usr/bin/crontab -l -u *
You can replace %cronpeople with ALL if you want all users to have these privileges.
