LFCS Question #300: Real Exam Question with Answer & Explanation

Question

To prevent a specific user from scheduling tasks with at, which of the following should the administrator do?

Options

• AAdd the specific user to /etc/at.allow file.
• BAdd the specific user to [deny] section in the /etc/atd.conf file.
• CAdd the specific user to /etc/at.deny file.
• DAdd the specific user to nojobs group.
• ERun the following: atd --deny [user].

Explanation

To prevent a specific user from scheduling tasks using the at command, their username should be added to the /etc/at.deny file.

Common mistakes.

• A. Adding a user to /etc/at.allow would grant them permission to use at, not deny them, assuming /etc/at.allow exists and takes precedence.
• B. There is no standard [deny] section in /etc/atd.conf for directly denying users access to at jobs; user access is controlled by at.allow and at.deny files.
• D. There is no standard nojobs group that specifically controls at access; at access is managed via the at.allow and at.deny configuration files.
• E. atd is the daemon that runs at jobs, and --deny is not a standard option for atd to deny a specific user's scheduling capability; user access is managed through configuration files.

Concept tested. at command user access control

Reference. https://manpages.ubuntu.com/manpages/jammy/en/man1/at.1.html

No community discussion yet for this question.