My user "craig" is in the /etc/sudoers file on my CentOS 5.6 VM, however when I try to access the crontab using the command below I am presented with an error message:

sudo crontab -e -u crmpicco-stock-dev
[sudo] password for craig:
Sorry, user craig is not allowed to execute '/usr/bin/crontab -e' as root on dev.localdomain.

Why do I get this message as I can see in my /etc/sudoers file that I can access the crontab requested.

Here is the entry from my /etc/sudoers file:

craig   ALL=(crmpicco-stock-dev) /usr/bin/crontab, /var/spool/cron/crmpicco-stock-dev

3 Answers 3


The specification ALL=(crmpicco-stock-dev) /usr/bin/crontab means that on ALL hosts, you are allowed to run /usr/bin/crontab as the user crmpicco-stock-dev. This does not mean that sudo will, whenever you try to run /usr/bin/crontab, automatically select to do so as crmpicco-stock-dev - the default is still root, which the config disallows, and the error message gives it away: Sorry, user craig is not allowed [...] as root.

Try running sudo -u crmpicco-stock-dev crontab -e. That will tell sudo that you want to be crmpicco-stock-dev and invoke /usr/bin/crontab, whch should be allowed; crontab -e will by default try to edit the crontab of the current user - which will be crmpicco-stock-dev, so you don't need to specify that again.

Putting the -u crmpicco-stock-dev after the first non-option, sudo will assume it's part of the command you want to run, and ignore it. The whole line looks similar, but means something very different.


Can you try to do :

sudo crontab -u crmpicco-stock-dev -e

From the man page this seem the correct order.

Best Regards

  • No, this produces the same error. So I don't think the order matters here. [craig@dev53 dev_crmpicco]$ sudo crontab -u crmpicco-stock-dev -e [sudo] password for craig: Sorry, user craig is not allowed to execute '/usr/bin/crontab -u crmpicco-stock-dev -e' as root on dev.localdomain.
    – crmpicco
    Commented Dec 20, 2012 at 17:03
  • An alternative could be to run: sudo su -c "crontab -e" crmpicco-stock-dev
    – ricciocri
    Commented Dec 20, 2012 at 17:19
  • Same again, unfortunately. Sorry, user craig is not allowed to execute '/bin/su -c crontab -e crmpicco-stock-dev' as root on dev.localdomain.
    – crmpicco
    Commented Dec 20, 2012 at 17:22
  • Have you changed /etc/sudoers to allow craig to execute /bin/su ?
    – ricciocri
    Commented Dec 20, 2012 at 17:39
  • I have editedmy sudoers file with visudo to include the line Cmnd_Alias SU = /bin/su, there is no mention of the craig user in the file. Should adding the command alias line open it up for all users? After adding this line there has been no change to the problem - i'm still unable to access the crmpicco-stock-dev crontab with the craig user. Anything else I can try?
    – crmpicco
    Commented Jan 7, 2013 at 11:44

I believe that you are going to have to contact your system administrator to help you in debugging the problem. I suspect that it is some type of artifact from either the setuid() or seteuid() calls in sudo and the fact that you are calling a SUID program. I've seen this before and it is most frustrating to fix.

How I might start to fix it is by trying to put the crontab call in an executable wrapper program with no special perms itself and using sudo to call the wrapper program instead.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .