Non-root users are unable to run cronjobs with custom PAM crond configuration on Red Hat Enterprise Linux 5

Solution Verified - Updated -

Issue

  • Cron not working for anything but root. It used to work. When cron jobs run, the following error is seen:
crond[32356]: Permission denied
crond[32356]: CRON (oracle) ERROR: failed to open PAM security session: Bad file descriptor
crond[32356]: CRON (oracle) ERROR: cannot set security context
crond[32368]: pam_access(crond:account): access denied for user `oracle' from `cron'

Environment

  • Red Hat Enterprise Linux 5 (RHEL5)
  • PAM (Pluggable Authentication Modules) changed for some services from defaults to reference different lists in /etc/security/access*.conf
  • List of users that should have access to run cronjobs is stored in /etc/security/access-cron.conf:
$ cat /etc/security/access-cron.conf 
root
patrol3
oracle
drm1usr
  • PAM configuration is the default:
$ cat /etc/pam.d/crond
#
# The PAM configuration file for the cron daemon
#
#
auth       sufficient pam_env.so
auth       required   pam_rootok.so
auth       include    system-auth
account    required   pam_access.so
account    include    system-auth
session    required   pam_loginuid.so
session    include    system-auth

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In