Background
No, cron
does not work the way you assume it does.
The cron
daemon reads its crontabs from two places:
- System-wide
/etc/crontab
; - Per-user crontabs.
There's no concept of per-group-of-users crontabs.
Solution
Debian has customized cron
which allows to do what you need relatively easily. To cite the cron(8)
manual page:
Additionally, in Debian,
cron
reads the files in the/etc/cron.d
directory. cron treats the files in/etc/cron.d
as in the same way as the/etc/crontab
file (they follow the special format of that file, i.e. they include the user field). However, they are independent of/etc/crontab
: they do not, for example, inherit environment variable settings from it. This change is specific to Debian see the note under DEBIAN SPECIFIC below.
Hence I would do the following:
Create a dedicated group for your group of users. Let's assume it's "mycrontab".
Add your three users into that group.
Create a file under
/etc/cron.d
and make it be owned byroot:mycrontab
and has permission bits set to0660
orrw-rw-r--
, that is, read/write access to the userroot
and groupmycrontab
and read access to everyone else.Teach your users about where to locate this file and the rules about its format (those could be placed in the file in the form of comments).
Note that you might need to figure out how to handle sending mails to all your users. I'd check if it's OK to set the MAILTO
environment variable obeyed by cron
to a comma-separated list of e-mail addresses first (like joe@domain.lan,jane@domain.lan,jill@domain.lan
) or, failing that, you'd probably need to set up a mail alias either in your local MTA or the MTA receiving mails generated by cron
on your system, and use the value of this alias for the MAILTO
variable.
All in all, please give the cron(8)
and crontab(5)
manual pages at least a cursory glance.
…and please remove your users from the crontab
group!