[Freeipa-users] Permission for root running cron task as a different user
Rob Crittenden
rcritten at redhat.com
Fri Aug 22 01:33:52 UTC 2014
William Muriithi wrote:
> Evening,
>
> Came across a problem where a cron job I had setup last night seemed not
> to run. On further investigation, I noticed FreeIPA must be pushing a
> policy that block cron task that adopt a different user than the one its
> set under.
>
> I am certain its FreeIPA related as I have a system that's not enrolled
> and the task run fine there.
>
> Now, this is curiosity sake as I solved the problem using groups, but
> how would one allow root to schedule a job that run as non root?
>
> * 4 * * * williamm /usr/local/bin/some-script.sh
>
> Aug 21 14:06:02 muriithi crond[6621]: (williamm) FAILED to authorize
> user with PAM (Permission denied) Aug 21 14:07:01 wmuriithi crond[6625]:
> (williamm) FAILED to authorize user with PAM (Permission denied) Aug 21
> 14:08:01 wmuriithi crond[6628]: (williamm) FAILED to authorize user with
> PAM (Permission denied)
You probably need to grant access via HBAC rules.
rob
More information about the Freeipa-users
mailing list