This was written for system users who should only have ftp access, not shell (login) access.

Copy this file to /bin/ftponly. You will have to add /bin/ftponly.sh to /etc/shells for the system to accept it as a valid shell.

#!/bin/bash
# /bin/ftponly.sh
# Written by Andrew Stringer ages ago.
# Use this script as a login shell for users where you don't want shell access,
# ie. ftp only users on a webserver.
# You will have to add /bin/ftponly.sh to the /etc/shells file to allow the system to use # it.
 
TERM=vt100
export TERM
 
#Set this to point to where policy queries should be sent.
ADMIN=adminuser@xxx.com
#Set this to the alert recipient.
MAILTO=alerts@xxx.com
 
#This may have to be modified to suit how your system defines itself.
SYSTEM=`cat /etc/hostname`
NOW=`date +%c`
 
MSG=/tmp/ftpmsg.txt-$$
echo "${LOGNAME}@${REMOTEHOST}${SSH_CLIENT} has attempted access to a shell on ${SYSTEM} at ${NOW}." > ${MSG}
 
 
clear
echo "$TODAY ${LOGNAME}@${REMOTEHOST} ${SSH_CLIENT}" >>/var/log/shellaccess.log
echo
echo "*************************************************************************"
echo " "
echo "   It is $NOW"
echo " "
echo "   Sorry, ${LOGNAME}@${REMOTEHOST}${SSH_CLIENT}, you are not allowed"
echo "   interactive access to ${SYSTEM}."
echo " "
echo "   This access attempt has been logged by username, date and hostname."
echo " "
echo "   FTP User accounts are restricted to ftp access."
echo " "
echo "   Direct questions concerning this policy to ${ADMIN}."
echo " "
echo "*************************************************************************"
echo
 
#send alert mail
/bin/mail ${MAILTO} -s "Login attempt to ftp only account" < ${MSG}
 
rm ${MSG}
 
sleep 10
 
exit 0