Philip Guenther wrote,
Assuming that pagsh takes the -c argument like normal shells (or passes
it on to a real shell), I think that only two changes are necessary:
Thanks! This worked great!
BTW: why do you want to do this?
It's to avoid a security issue. We deliver mail to mailboxes in
users' home directories (stored in AFS). In order to be able to write
to the mailbox, we have to run procmail with an AFS token for a
principal called "postman." Postman has access rights to the users'
mail directories. We want to avoid users being able to run arbitrary
programs with a postman token. By running pagsh, they can still use
whatever programs they want to process their mail (as long as it works
as a filter), and we don't have to worry about them messing with
someone else's mailbox.