Crontab command cannot be executed. Error PAM configurations

Question

Here's the command that I would like to execute but it seems not to work.

[mdubois@veloce ~]$ crontab -l

Autorisation refusée
You (mdubois) are not allowed to access to (crontab) because of pam configuration.

below is my /etc/pam.d/crond file content

#
# The PAM configuration file for the cron daemon
#
#
# No PAM authentication called, auth modules not needed

account    required   pam_access.so
account    include    password-auth
session    required   pam_loginuid.so
session    include    password-auth
auth       include    password-auth

I cannot detect the error because it doesn't appear on the log file of the crontab

    [root@veloce ~]# tail -f /var/log/cron
Jul  2 16:01:01 veloce CROND[7482]: (root) CMD (run-parts /etc/cron.hourly)
Jul  2 16:01:01 veloce run-parts(/etc/cron.hourly)[7482]: starting 0anacron
Jul  2 16:01:01 veloce run-parts(/etc/cron.hourly)[7491]: finished 0anacron
Jul  2 16:10:01 veloce CROND[8611]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul  2 16:20:01 veloce CROND[9940]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul  2 16:26:45 veloce crond[10807]: (CRON) STARTUP (1.4.4)
Jul  2 16:26:45 veloce crond[10807]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 71% if used.)
Jul  2 16:26:45 veloce crond[10807]: (CRON) INFO (running with inotify support)
Jul  2 16:26:45 veloce crond[10807]: (CRON) INFO (@reboot jobs will be run at computer's startup.)
Jul  2 16:30:01 veloce CROND[11312]: (root) CMD (/usr/lib64/sa/sa1 1 1)

I'm running RedHat 6.6 Santiago on my server.

It would be great if someone could help me. Thanks in advance.

PS: I have already included the user id in the /etc/cron.allow file

score 1 · Answer 1 · answered Jan 21 '16 at 15:02

I had the same issue and solved just login directly with the user (in my case, using Putty).

Before the first login, tried changing access.conf and didn't work.

Just after add a password to the user and changed you shell to bash that solved my PAM configuration error, so I can finnally return the user to a non-shell and with su userInTrouble from root user I could made changes in cron with crontab -e

I'm using Centos 7 with Selinux in Permissive mode.

score 0 · Answer 2 · answered May 03 '17 at 17:05

0

If you are using FreeIPA you will need to create a Host-Based Access Control (HBAC) rule in order to allow the user to access the crond service on that host.

See Defining Host-Based Access Control Rules for specific details.

answered May 03 '17 at 17:05

cherdt

191

score 0 · Answer 3 · edited Mar 06 '19 at 06:10

Check if user's authentication token expired

sudo chage -l user
Last password change                                : Nov 29, 2018
Password expires                                    : Feb 27, 2019
Password inactive                                   : never
Account expires                                     : never
Minimum number of days between password change      : 7
Maximum number of days between password change      : 90
Number of days of warning before password expires   : 7

Change the user password expires

sudo chage -I -1 -m 0 -M 99999 -E -1 user

Hope this works

score 0 · Answer 4 · answered Jul 02 '15 at 15:00

You need to allow the user to use crontab by modifying the file /etc/security/access.conf.

Insert these two lines

  # Allow the dubois user to run cron jobs
  +: dubois : cron crond :0

in the above mentioned file, above these two lines:

  # Deny all other users access by any means.
  -: ALL : ALL

which block all other users. Make sure you reboot your machine, afterwards.

Crontab command cannot be executed. Error PAM configurations

4 Answers4