at - pyllyukko/harden.yml GitHub Wiki
Out of the box, at
works in such a way that it's SUID&SGID daemon (default perms is 6755
):
-rwsr-sr-x daemon/daemon 50456 2010-07-28 12:49 usr/bin/at
When a user runs the at
command to schedule something, at writes that to /var/spool/atjobs/
:
-rwx------ 1 pyllyukko daemon 4741 Dec 7 09:37 /var/spool/atjobs/a00008016899aa
at
supports access control through /etc/at.{allow,deny}
. The default is, that there is a blacklist of users in /etc/at.deny
.