Enable cron for a locked account in Linux

In some environments, there are times when locked application/databases accounts need to run some cron jobs. In linux, by default, a locked account can not run the cron job.

We can enable this  by editing a specific setting is disabled in /etc/pam.d/crond file. 

Here is the details:

# cat /etc/pam.d/crond 

# The PAM configuration file for the cron daemon
auth       sufficient pam_rootok.so
auth       required   pam_stack.so service=system-auth
auth       required   pam_env.so
account    required   pam_stack.so service=system-auth
# account    required   pam_access.so
session    required   pam_limits.so
session    required   pam_loginuid.so

This example is working in Redhat Linux. In the /etc/pam.d/crond file, if we disable "account required pam_access.so" line the cron started working again for the locked account as well.

Share this

Related Posts

Next Post »

What do you think about this Article? Add your Opinion..! EmoticonEmoticon