#!/bin/sh

# This script restricts shell access to privileged users. The "template shell"
# option in the '/etc/samba/smb.conf' file should be set to call this wrapper. 

# Get group memberships for this user.
BFN_ID=$(/usr/bin/id)

# Grant shell access to users that are in the local wheel group.
if /bin/echo "$BFN_ID" | /bin/grep '[=,][0-9]\+(wheel)' > /dev/null
then
	exec /bin/bash --login "$@"
fi

# Grant shell access to users that are in the domain administrators group.
if /bin/echo "$BFN_ID" | /bin/grep '[=,][0-9]\+(Domain Admins)' > /dev/null
then
	exec /bin/bash --login "$@"
fi

# Else print a notice and just exit.
echo "Shell access to this computer is disabled."

# eof