At the console the user receives this message:
You (tibco) are not allowed to access to (crontab) because of pam configuration.
The seaudit log shows a denial based on the SURROGATE rule, indicating that no such rule exists:
28 Jan 2020 14:46:16 D SURROGATE tibco Read 69 2 USER.root /usr/bin/crontab lvntest004437 (OS user) tibco
Release : 12.8, 14.0, 14.1
Component : PRIVILEGED ACCESS MANAGEMENT SC
seos protects against UID impersonation through the SURROGATE rule. The crontab executable uses the SETUID flag to allow users to use cron jobs as the root user. This change in the UID is flagged and protected.
$ ls -la /usr/bin/crontab
-rwsr-xr-x. 1 root root 57664 Nov 5 2018 /usr/bin/crontab
Add a rule for all users; this does not override any system rules:
authorize SURROGATE ('USER.root') access(READ) id('*') via(pgm('/usr/bin/crontab*'))
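
An added example (not from the original article or the vendor): it filters seaudit-style text for SURROGATE denials and reports whether the program involved is setuid root, which is the condition described above. The field positions are inferred from the one record shown in this article, and the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage SURROGATE denials from seaudit-style text output.
# Assumption: whitespace-separated fields laid out as in the record above:
#   day month year time status class user access code code target program host ...

# Sample input. Line 1 is the record from this article; line 2 is constructed
# (same layout, different class) to show that non-SURROGATE records are skipped.
SAMPLE_LOG='28 Jan 2020 14:46:16 D SURROGATE tibco Read 69 2 USER.root /usr/bin/crontab lvntest004437 (OS user) tibco
28 Jan 2020 14:47:02 D FILE tibco Read 69 2 /etc/example.conf /usr/bin/cat lvntest004437 (OS user) tibco'

# surrogate_denials: read audit lines on stdin and print "user target program"
# for every denied (status D) record of class SURROGATE.
surrogate_denials() {
    awk '$5 == "D" && $6 == "SURROGATE" { print $7, $11, $12 }'
}

# classify_program: report whether a binary is setuid and owned by root.
# Such a program changes UID when run, so the request is checked against SURROGATE.
classify_program() {
    prog=$1
    [ -e "$prog" ] || { echo "missing"; return; }
    owner=$(ls -ldn "$prog" | awk '{ print $3 }')   # numeric owner UID
    if [ -u "$prog" ] && [ "$owner" = "0" ]; then
        echo "setuid-root"
    else
        echo "not-setuid-root"
    fi
}

# triage: one summary line per SURROGATE denial read from stdin.
triage() {
    surrogate_denials | while read -r user target prog; do
        echo "$user -> $target via $prog [$(classify_program "$prog")]"
    done
}

# Run against the embedded sample; the bracketed status reflects the local host.
printf '%s\n' "$SAMPLE_LOG" | triage
```

A denial whose program is reported as setuid-root matches the situation in this article; any other result means the cause should be looked for elsewhere before adding a rule.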