#!/bin/sh
# $moftpd: access_script.sh 1251 2005-03-06 22:24:29Z morth $
# An example access script. Consider this in the public domain.
# The access script/app may potentially hang the ftp server, so create it
# with care.
# You need to reply exactly once to each query and it has to be one of the
# strings ALLOW, REQUIRE or DENY (not case sensitive though). If you reply
# with something else, DENY is assumed. moftpd will sleep waiting for a reply
# so make sure you do reply. REQUIRE is only valid for encrypted and signed.
# Also it should be reasonably fast since it will be called a lot, especially
# if the client uses MLSD with the perm fact enabled.
# If the script/app exits all further requests will be denied, which means
# the client will be kicked out on the next command due to inaccessible root
# directory.
# The path will be the shell default, so fix it up some.
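PATH=/usr/local/bin:/usr/bin:/bin
export PATH

# Turn off pathname expansion. $flags is deliberately word-split (unquoted)
# in the loop below, and a token containing *, ? or [ must be compared as
# text, not expanded against the files in the working directory.
set -f

# The first argument is the user, the second is the account, but it will only
# be available if you've used a login script requesting an account (that's
# the only way moftpd will request an account currently).
# ${N-} leaves the variable empty when the argument is not passed.
user=${1-} # not consulted by this example policy; kept for site-specific rules
acct=${2-}

# Serve queries until moftpd closes stdin. Every query is two lines (path,
# then flags) and gets exactly one reply line on stdout.
while :; do
  # First line is the path relative to the user's root, regardless if faked
  # or not. It will start with a /
  # IFS= and -r keep the line verbatim. With a plain "read", a path ending in
  # a backslash is joined with the following line (the flags), which leaves
  # the script one line out of step with moftpd: replies would then be
  # computed from the wrong input, or the server would wait on a reply that
  # never comes.
  IFS= read -r path
  if test -z "$path"; then
    # A null path means moftpd has closed the file handle and we should exit.
    # You'll get an EOF if you use a real program.
    exit 0
  fi

  # The second line is the flags to test. It's one or more of the ones in
  # Allow and Deny in the <directory> config option accept, in lowercase,
  # separated by a space.
  read -r flags

  if test -z "$flags"; then
    # The protocol promises at least one flag, so an empty line is a
    # malformed query. Classify it as unknown so it is denied below rather
    # than falling through to the read default.
    mode=unknown
  else
    # Default to read but check for any "write" flags.
    # NOTE(review): a flag that is not named in this case statement counts as
    # a read flag, so a write-type flag missing from the list would be
    # allowed. Check the list against the flags your moftpd version sends.
    mode=read
    for i in $flags; do
      case $i in
        create* | append | overwrite | delete | rename)
          # moftpd will not mix write and read flags, nor will it send
          # security flags with anything else, but it doesn't hurt to check.
          # Only read is upgraded to write; a mode already set to secure is
          # kept, so a line mixing security and write flags would be
          # answered as a security query.
          if test "$mode" = "read"; then
            mode=write
          fi
          ;;
        encrypted | signed)
          mode=secure
          ;;
      esac
    done
  fi

  # Decide once and reply once, so no path through the loop can answer twice
  # or not at all.
  if test "$acct" = "foo"; then
    # Mr Foo can do anything.
    reply=ALLOW
  else
    case $mode in
      secure | read)
        # Allow security queries and reading.
        reply=ALLOW
        ;;
      *)
        # Deny writing, and anything that could not be classified.
        reply=DENY
        ;;
    esac
  fi
  echo "$reply"
done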