> correctly, it requires write access to exploit to the directory > to exploit. Thus, the following entry in cron.daily/standard > is acceptable and I should leave it in, right? Yes, as long as users have no write access to the directory or anything below it, it should be safe. /var/spool/cron/crontabs is mode 700 owned by root - no problem. Marek