A newbie reply, of course it will show.
Sorry, this information is not what you want, but thought it might lead to something useful.
I think the login must be granted. But you can put a startup file to log them out (echo "exit" >> $HOME/.bashrc) , or try not granting /bin/bash as the startup shell (a startup shell is not needed except when the users is in a telnet, rsh, or local login, ftp doesn't need a shell prompt like bash)
I've found the opposite of what you wanted (a way to deny users ftp access). A list of users who may not login through the ftp command is contained in /etc/ftpusers (search documentation for ftpusers)
I found one idea on the internet, where the list of users in /etc/passwd (field 1 or username field whereever that is, assumed fields are seperated by colons)
cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GOODUSER' < /tmp/users.txt > /etc/ftpusers && rm /tmp/users.txt
# All users will be placed into /etc/ftpusers, except the user allowed to login via ftp.
# The effect is to have all users denied ftp login except the user you specify as
# the implementation was in a shell script running in a crontab every day, to
# automatically update the /etc/ftpusers, in case additions are made.
Here's what it looks like:
root@localhost etc]# cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GGD' < /tmp/users.txt > /etc/ftpusers && rm -f /tmp/users.txt
[root@localhost etc]# ftp localhost
ftp: connect: Connection refused
and removing root from the list of users in /etc/ftpusers , allows root to login.