How to fix a crontab access issue with a pam configuration error message?

Question

I attempted to access my crontab as the non-root user "coins" when I encountered a permissions issue as shown in the following error message mentioning the pam configuration:

[coins@COINS-TEST ~]$ crontab -l

Authentication service cannot retrieve authentication info You (coins) are not allowed to access to (crontab) because of pam configuration.

What's the most common fix for this crontab access issue?

geedoubleya · Answer 1 · 2016-10-05T14:00:49.790

You need to enable the user to use cron in the login access control table file /etc/security/access.conf
Use the following entry which will allow the coins user to run cron jobs:

# Allow the coins user to run cron jobs
+: coins : cron crond :0

Ensure it is above the last entry:

# Deny all other users access by any means.
-: ALL : ALL

As this entry denies (-) access from all sources to all other users not previously mentioned in the file.

Also Note
Expired accounts get the same error message as accounts not allowed.
Please check the account that's denied to see if it is expired:

chage -l accountname

score 5 · Answer 2 · answered Aug 13 '14 at 14:33

5

You might check what's in here:

/etc/cron.allow

and also see if selinux is running and causing the problem. Poking around /var/log/messages or syslog is recommended.

answered Aug 13 '14 at 14:33

kokoto

166

score 1 · Answer 3 · answered Dec 19 '24 at 13:27

I reach this problem also while configuring crond on an Ericsson ePG - which didn't had crond at all in the first place.

Ok, back to the reported problem, pam and crontab I've created/edited file /etc/pam.d/crond, to obtaint following content:

#
# The PAM configuration file for the cron daemon
#
#
auth       sufficient pam_env.so
auth       required   pam_rootok.so
auth       include    system-auth
account    required   pam_access.so
account    include    system-auth
session    required   pam_loginuid.so
session    include    system-auth

PS: Very important was the "sufficient" vs "required" on the first uncommented line.

score -1 · Answer 4 · answered Sep 23 '14 at 05:03

If you have sudo access, you can work around this with:

$ sudo crontab -u `whoami` -l

For a permanent solution with above, create an alias in your .bashrc:

alias crontab='sudo crontab -u `whoami`'

After adding the alias, open new terminal and try running the crontab command again:

$ crontab -l

How to fix a crontab access issue with a pam configuration error message?

4 Answers4