Quoting That Funky Chick (bertha(_at_)polly(_dot_)mhn(_dot_)org):
I've checked to make sure ksh is in the /bin directory (it is). I'm
working on the assumption that procmail can't execute ksh because the
permissions are all set to root, and if I set its executable permissions to
global I can run it.
I know how to do that--my question is whether this is safe to do. Being
relatively inexperienced with Linux/Unix, I'm concerned that giving global
access to ksh might be a security problem
Shells aren't necessarily dangerous; the only risk occurs when you
let users access the shell. Set the login shell to /bin/false or
somesuch for the users you don't want to allow in and make ksh 555.
I'm surprised that you haven't broken a lot of things if ksh is the
default shell and you've disabled it, or is mail the only thing this
machine does? If that's the case, another option would be to set the
procmail shell to smrsh or another restricted shell, which allows only
selected programs to be run.
--
Michael Stone, Sysadmin, ITRI PGP: key 1024/76556F95 from mit keyserver,
mstone(_at_)itri(_dot_)loyola(_dot_)edu finger, or email with
"Subject: get pgp key"