There are two ways depending on how locked down it must be.
If it ok that the people logging in have access to the script, you can put it in
~/.ssh/rc on the server in their account(s) and make sure to enable
PermitUserRC in
sshd_config.
If the people logging in should not have write access to the script, the easy way is to call it from
/etc/ssh/sshrc
See the manual page in the section "SSHRC" for details.
As far as I know, you'll have the following environment variables available to the script. For group, you'd have to calculate that from $LOGNAME or $USER
LOGNAME
HOME
SSH_TTY
MAIL
SSH_CLIENT
PATH
SHELL
TERM
SSH_CONNECTION
USER
So you could make a case statement matching accounts that need customized scripts.