====== FTP only shell ======

==== ftponly.sh ====

This shell allows FTP access only; an alert message is sent if an interactive login is attempted. It must be added to /etc/shells to be a valid shell.

<code bash>
#!/bin/bash
#/bin/ftponly.sh
#Written by Andrew Stringer ages ago.
#Use this script as a login shell for users where you don't want shell access,
#ie. ftp only users on a webserver.
#You will probably have to add this to the /etc/shells file to have the system use it.
TERM=vt100
export TERM
#Set this to point to where policy queries should be sent.
ADMIN=sean.mcgivern@igt.com
#Set this to the alert recipient.
MAILTO=ww-noc@igt.com
#This may have to be modified to suit how your system defines itself.
SYSTEM='gy-asp-cms01.gyprod.int.igt.com'
NOW=$(date +%c)
#Unpredictable temp file for the alert body, so a pre-created file or symlink in /tmp cannot be abused.
MSG=$(mktemp /tmp/ftpmsg.XXXXXX) || exit 1
echo "${LOGNAME}@${REMOTEHOST}${SSH_CLIENT} has attempted access to a shell on gy-asp-cms01 at ${NOW}." > "${MSG}"
clear
#Log the attempt with its timestamp (the original used an undefined variable here).
echo "$NOW ${LOGNAME}@${REMOTEHOST} ${SSH_CLIENT}" >>/var/log/shellaccess.log
echo
echo "*************************************************************************"
echo " "
echo " It is $NOW"
echo " "
echo " Sorry, ${LOGNAME}@${REMOTEHOST}${SSH_CLIENT}, you are not allowed"
echo " interactive access to reports-ftp.rgsgames.com."
echo " "
echo " This access attempt has been logged by username, date and hostname."
echo " "
echo " FTP User accounts are restricted to ftp access."
echo " "
echo " Direct questions concerning this policy to ${ADMIN}."
echo " "
echo "*************************************************************************"
echo
#send alert mail (options go before the recipient)
/bin/mail -s "Login attempt to ftp only account" "${MAILTO}" < "${MSG}"
rm -f "${MSG}"
sleep 10
exit 0
</code>

==== Example /etc/passwd entry ====
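The following is an added example, not part of the original page or of ftponly.sh: it lists the accounts whose /etc/passwd shell field points at the FTP-only shell, checks that the shell is registered in /etc/shells as the page requires, and checks that the script cannot be modified by group or other users. The function names are hypothetical, and the file paths are parameters so the checks can be run against copies of the system files.

```shell
#!/bin/bash
# Added example (not the original author's code); function names are hypothetical.
# Paths are parameters so the checks can be run against copies of the system files.

# shell_registered SHELL [SHELLS_FILE]
# Succeeds if SHELL is a whole, non-comment line in the shells file.
shell_registered() {
    local shell="$1" shells_file="${2:-/etc/shells}"
    grep -v '^[[:space:]]*#' "$shells_file" | grep -qxF -- "$shell"
}

# users_with_shell SHELL [PASSWD_FILE]
# Prints the login names whose 7th passwd field is exactly SHELL.
users_with_shell() {
    local shell="$1" passwd_file="${2:-/etc/passwd}"
    awk -F: -v s="$shell" '$7 == s { print $1 }' "$passwd_file"
}

# shell_tamper_safe FILE
# Fails if FILE is missing, not executable, or writable by group or others
# (an account that can edit its own login shell is no longer restricted).
shell_tamper_safe() {
    local perms
    [ -f "$1" ] && [ -x "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case $perms in
        ?????w????|????????w?) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# audit_ftponly SHELL [PASSWD_FILE] [SHELLS_FILE]
# Reports the accounts using SHELL and returns non-zero if any check fails.
audit_ftponly() {
    local shell="$1" passwd_file="${2:-/etc/passwd}" shells_file="${3:-/etc/shells}"
    local rc=0 users
    users=$(users_with_shell "$shell" "$passwd_file" | tr '\n' ' ')
    echo "accounts using $shell: ${users:-none}"
    if ! shell_registered "$shell" "$shells_file"; then
        echo "FAIL: $shell is not listed in $shells_file"; rc=1
    fi
    if ! shell_tamper_safe "$shell"; then
        echo "FAIL: $shell is missing, not executable, or group/other-writable"; rc=1
    fi
    return $rc
}
```

Run it as `audit_ftponly /bin/ftponly.sh` after sourcing the file; a non-zero return means at least one check failed.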