Stephane Bortzmeyer wrote,
On Thursday 6 February 97, at 11 h 22, the keyboard of "Tony Zamora"
<zamora(_at_)VNET(_dot_)IBM(_dot_)COM> wrote:
would like procmail to run programs using pagsh rather than /bin/sh.
We looked at the code to figure out what we should change, but the
code is rather frightening. What do we need to do?
You need to read the man page before the source code.
Been there, done that. We need something different.
SHELL=/bin/csh
# Nice csh redirection
:0
| dosomething >& foobar
If we put
SHELL=/usr/afsws/bin/pagsh
in /etc/procmailrc, the user can override this by putting
SHELL=/bin/sh
in their .procmailrc
What we want is for them either not to be able to override this or
(better) guarantee that /usr/afsws/bin/pagsh runs first. Procmail is
running with an AFS token that lets it write to the user's mailbox.
We want to make sure that procmail loses its token whenever the user
starts a program from .procmailrc. Running pagsh guarantees that
the shell command will run without a token. But this is no good if
the user can reset things so pagsh doesn't run.
What do we need to do?
Thanks,
Tony