FTP only shell

ftponly.sh

This login shell permits FTP access only; if an interactive login is attempted, the attempt is refused and an alert message is sent. The script must be listed in /etc/shells to be accepted as a valid shell.

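#!/bin/bash
#/bin/ftponly.sh
#Written by Andrew Stringer ages ago.
#Use this script as a login shell for users where you don't want shell access,
#ie. ftp only users on a webserver.
#You will probably have to add this to the /etc/shells file to have the system use it.
#
#What it does: logs the attempt, prints a refusal banner, mails an alert,
#pauses for 10 seconds and exits. It never starts an interactive shell, and
#any arguments it is invoked with are never read.
#
#NOTE(review): a restricted login shell only stops sessions that go through
#the shell. If these accounts can also authenticate over SSH, confirm that
#sshd_config disables what they do not need (for example AllowTcpForwarding
#and X11Forwarding), because forwarding does not pass through the login shell.

#Ignore keyboard signals so the log entry and alert mail cannot be skipped
#by interrupting or suspending the script part-way through.
trap '' INT QUIT TSTP

TERM=vt100
export TERM

#Set this to point to where policy queries should be sent.
ADMIN=sean.mcgivern@igt.com
#Set this to the alert recipient.
MAILTO=ww-noc@igt.com

#This may have to be modified to suit how your system defines itself.
SYSTEM='gy-asp-cms01.gyprod.int.igt.com'
NOW=$(date +%c)

#Where attempts are recorded. The script runs as the account that is logging
#in, so this file has to be appendable by the restricted accounts and is
#therefore not tamper-proof; the alert mail is the record to rely on.
#NOTE(review): consider sending this to syslog with logger(1) instead.
LOGFILE=/var/log/shellaccess.log

#Identity values come from the login environment. Strip control characters
#so they cannot add fake lines to the log or terminal escapes to the alert.
who="${LOGNAME:-}@${REMOTEHOST:-}"
who=${who//[[:cntrl:]]/}
client=${SSH_CLIENT:-}
client=${client//[[:cntrl:]]/}

#Alert text. Uses SYSTEM rather than a second hard-coded copy of the hostname.
alert="${who}${client} has attempted access to a shell on ${SYSTEM} at ${NOW}."

clear
#The original referenced an undefined TODAY here, leaving the timestamp blank.
printf '%s %s %s\n' "${NOW}" "${who}" "${client}" >>"${LOGFILE}"

banner_rule="*************************************************************************"
printf '\n'
printf '%s\n' "${banner_rule}"
printf '%s\n' " "
printf '%s\n' "   It is ${NOW}"
printf '%s\n' " "
printf '%s\n' "   Sorry, ${who}${client}, you are not allowed"
printf '%s\n' "   interactive access to reports-ftp.rgsgames.com."
printf '%s\n' " "
printf '%s\n' "   This access attempt has been logged by username, date and hostname."
printf '%s\n' " "
printf '%s\n' "   FTP User accounts are restricted to ftp access."
printf '%s\n' " "
printf '%s\n' "   Direct questions concerning this policy to ${ADMIN}."
printf '%s\n' " "
printf '%s\n' "${banner_rule}"
printf '\n'

#send alert mail
#The body is piped straight to mail: a fixed file name in /tmp could be
#pre-created or symlinked by another local user, and simultaneous logins
#would overwrite each other's message. Options go before the recipient so
#that mail implementations which stop option parsing at the first address
#still see -s.
printf '%s\n' "${alert}" | /bin/mail -s "Login attempt to ftp only account" "${MAILTO}"

#Hold the session briefly before disconnecting.
sleep 10

exit 0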

Example /etc/passwd entry

 