From 034769266112044d9441b5159c1f726f90a7a17e Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Mon, 12 May 2025 14:23:56 +0100
Subject: [PATCH] added fix for #33 thanks to @WhiteRoseLK

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_2/cis_2.4.1.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_2/cis_2.4.1.x.yml b/tasks/section_2/cis_2.4.1.x.yml
index a81990b..d32bf66 100644
--- a/tasks/section_2/cis_2.4.1.x.yml
+++ b/tasks/section_2/cis_2.4.1.x.yml
@@ -154,5 +154,5 @@
       ansible.builtin.file:
         path: /etc/cron.allow
         owner: root
-        group: root
+        group: '{{ (discovered_cron_allow_status.stat.gr_name == "crontab") | ternary(omit,"root") }}'
         mode: 'u-x,g-wx,o-rwx'