I found myself unable to activate the crontab for non-root users on the new Exadata server that was recently installed.
$ crontab -e
You (oracle) are not allowed to use this program (crontab)
See crontab(1) for more information
I checked the usual suspects /etc/cron.allow and /etc/cron.deny and they were all configured correctly. I spent a further half hour or so messing around with /etc/security/access and pam_access in cron.
Had Oracle simply disabled cron entirely on their Exadata machine? That would be unusual but not entirely unfeasable. Oracle often do stupid shit like that.
A search through the Oracle knowledgebase eventually turned up a solution as to why users could not use crontab:
stickysetuid bit was not set on
/usr/bin/crontab, so no non-root user could execute the command.
chmod +s /usr/bin/crontab sorted it all out.