diff --git a/chkcrontab_lib.py b/chkcrontab_lib.py index 344dbd7..090953f 100755 --- a/chkcrontab_lib.py +++ b/chkcrontab_lib.py @@ -76,6 +76,7 @@ import pwd import re import string +import stat # The following extensions imply further postprocessing or that the slack @@ -1099,6 +1100,12 @@ def check_crontab(arguments, log): log.Warn('Cron will not process this file - its name must match' ' [A-Za-z0-9_-]+ .') + # check file permissions should not have g+w + st=os.stat(arguments.crontab) + if bool(st.st_mode & stat.S_IWGRP): + log.Error('Cron will not process this file - it has group write ' + 'permission. Use "chmod g-w %s"' % arguments.crontab) + line_no = 0 cron_line_factory = CronLineFactory() with open(arguments.crontab, 'r') as crontab_f: diff --git a/tests/test_check.py b/tests/test_check.py index 642f7fc..e2f0edc 100755 --- a/tests/test_check.py +++ b/tests/test_check.py @@ -349,6 +349,10 @@ def testCheckBadWithUserLookup(self): args.check_passwd = False self.CheckACrontab(args) + def testCheckWrongPermissions(self): + args = type("", (), {})() + args.crontab = os.path.join(BASE_PATH, 'test_crontab.permissions') + self.CheckACrontab(args) if __name__ == '__main__': result = unittest.main() diff --git a/tests/test_crontab.permissions b/tests/test_crontab.permissions new file mode 100644 index 0000000..e83c994 --- /dev/null +++ b/tests/test_crontab.permissions @@ -0,0 +1,2 @@ +# WARN 1 for filename issue. +# FAIL 1 for writable permissions by group
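Review bot: The permission check added to check_crontab tests only `stat.S_IWGRP`, so a crontab that is writable by "other" passes without a finding, even though that is the more dangerous case for a file whose entries run with other users' privileges. Debian's cron, for one, documents that files in /etc/cron.d must be owned by root and must not be group- or other-writable. I would widen the test to `if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):` (the `bool()` wrapper is redundant) and change the hint to `chmod go-w`. An ownership warning on `st.st_uid` may also be worth adding, hedged because this linter is often run on checkouts that are not root-owned. The rest of check_crontab lies outside the hunk, so any existing handling of these cases is not visible here.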
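Review bot: testCheckWrongPermissions depends on tests/test_crontab.permissions being group-writable on disk, but the fixture is added with `new file mode 100644` and git records only the executable bit. The mode after checkout therefore follows the umask: with umask 022 the file is 0644 and the expected `FAIL 1` never fires. The test should set the mode itself, e.g. `os.chmod(args.crontab, 0o664)` before `self.CheckACrontab(args)`, ideally on a temporary copy so the working tree is left untouched. Unlike the test just above it, this one does not set `args.check_passwd`; if check_crontab reads that attribute (that code is outside the hunk), the call would raise AttributeError instead of exercising the permission check.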