Sunday, January 23, 2011

Enable cron for a locked account in Linux

In some environments, locked application/database accounts sometimes need to run cron jobs. In Linux, by default, a locked account cannot run cron jobs.

We can enable this by disabling a specific setting in the /etc/pam.d/crond file.

Here are the details:


# cat /etc/pam.d/crond


#
# The PAM configuration file for the cron daemon
#
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
auth required pam_env.so
account required pam_stack.so service=system-auth
# account required pam_access.so
session required pam_limits.so
session required pam_loginuid.so

This example works on Red Hat Linux. In the /etc/pam.d/crond file, if we disable (comment out) the "account required pam_access.so" line, cron starts working again for the locked account as well.
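
The change described above, scripted so it can be checked and repeated (an added example, not part of the original post). The function names pam_access_state and disable_pam_access and the temporary sample file are assumptions made for illustration; the functions take the file path as an argument so they can be tried on a copy before being pointed at /etc/pam.d/crond.

```shell
#!/bin/sh
# Added example: report and disable the pam_access.so account line in a
# PAM service file. Function names are hypothetical, not from the post.

# Print "enabled", "disabled" (commented out) or "absent".
pam_access_state() {
    if grep -Eq '^[[:space:]]*account[[:space:]]+[^#]*pam_access\.so' "$1"; then
        echo enabled
    elif grep -Eq '^[[:space:]]*#[[:space:]]*account[[:space:]]+.*pam_access\.so' "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# Comment out the active line, keeping the original as FILE.bak.
# Idempotent: does nothing when the line is already commented out or absent.
# Writing back through a redirect keeps the file's owner, mode and inode.
disable_pam_access() {
    [ "$(pam_access_state "$1")" = enabled ] || return 0
    cp -p "$1" "$1.bak" || return 1
    sed -E 's/^([[:space:]]*account[[:space:]]+[^#]*pam_access\.so.*)$/# \1/' \
        "$1.bak" > "$1"
}

# Constructed sample: the file from the post with pam_access.so still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#
# The PAM configuration file for the cron daemon
#
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
auth required pam_env.so
account required pam_stack.so service=system-auth
account required pam_access.so
session required pam_limits.so
session required pam_loginuid.so
EOF

pam_access_state "$sample"              # state before the edit
disable_pam_access "$sample"
pam_access_state "$sample"              # state after the edit
diff "$sample.bak" "$sample" || true    # shows the single changed line
rm -f "$sample" "$sample.bak"
```

With the pam_access.so line commented out, the rules in /etc/security/access.conf are no longer applied to cron jobs, so keep the .bak copy and record the change.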