The file /etc/at.deny should not exist. Use /etc/at.allow instead.
Access to at should be restricted. It is easier to manage an allow list than a deny list.
The at and batch commands can be used to
schedule tasks that are meant to be executed only once. This allows delayed
execution in a manner similar to cron, except that it is not
recurring. The daemon atd keeps track of tasks scheduled via
at and batch, and executes them at the specified time.
The atd service can be disabled with the following command:
$ sudo systemctl mask --now atd.service
The atd service could be used by an unsophisticated insider to carry out activities outside of a normal login session, which could complicate accountability. Furthermore, the need to schedule tasks with at or batch is not common.