at.allow man page
at.allow, at.deny — determine who can submit jobs via at or batch
The /etc/at.allow and /etc/at.deny files determine which user can submit commands for later execution via at(1) or batch(1).
The format of the files is a list of usernames, one on each line. Whitespace is not permitted.
If the file /etc/at.allow exists, only usernames mentioned in it are allowed to use at.
If /etc/at.allow does not exist, /etc/at.deny is checked, every username not mentioned in it is then allowed to use at.
An empty /etc/at.deny means that every user may use at.
If neither exists, only the superuser is allowed to use at.
at(1), cron(8), crontab(1), atd(8).
The man page at.deny(5) is an alias of at.allow(5).