Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to enable cron access for any user in Solaris 11

Some users, for example "webservd", are not allowed to use cron in Solaris.
When studying the man pages, one it is easy to be misleaded to look into the /etc/cron.d cron.allow and cron.deny files for resolution.

Panel
Warning - Invalid account: 'webservd' not allowed to execute cronjobs

But this is caused by a flag in /etc/shadow:

Panel
webservd:LK:15759::::::12351

The LK flag disallows cron usage.

Panel

See "passwd -n" vs. "passwd -l".

See "man passwd":

Panel

Security
passwd uses pam(3PAM) for password change. It calls PAM with
a service name passwd and uses service module type auth for
authentication and password for password change.
Locking an account (-l option) does not allow its use for
password based login or delayed execution (such as at(1),
batch(1), or cron(1M)). The N option can be used to disal
low password based login, while continuing to allow delayed
execution.
locked accounts that have never had a password and no login
accounts cannot have their status changed directly to an
active password. See -d. Changing a password on a locked
account that had a password prior to being locked, changes
the password without unlocking the account. See -u to unlock
the account. An authorized administrator can activate an
account in the not yet activated state by giving it a pass-
word.
An account can become locked following inactivity. To unlock
such an account use the u or -f options. With -u, the pass
word is not changed; the use of -f forces a password change.

To resolve:

Panel
root@amp1:~# passwd -s webservd
WARNING: changing account in reserved uid range: webservd.
webservd LK
root@amp1:~# passwd -d webservd
WARNING: changing account in reserved uid range: webservd.
passwd: password information changed for webservd
root@amp1:~# passwd -N webservd
WARNING: changing account in reserved uid range: webservd.
passwd: password information changed for webservd
root@amp1:~# passwd -s webservd
WARNING: changing account in reserved uid range: webservd.
webservd NL