在/etc/pam.d/login中添加：
auth required /lib/security/pam_listfile.so item=user sense=deny file=
/etc/login_deny onerr=succeed
然后在/etc/中添加login_deny文件，里面添上所要禁止
的用户名即可。

1.写一个shell script /bin/ftponly:
#!/bin/sh
/bin/cat << XX
You can only use FTP on this computer,
but you may not use this account to login.
Connection will be closed in 10 seconds.
XX
/usr/bin/sleep 10
#end of ftponly
2.把用户ftponly的shell设置成/bin/ftponly:
到passwd文件,找到对应于ftponly的那行
ftponly:......:/home/ftponly:/bin/bash,把最后的
/bin/bash改为/bin/ftponly.
3.把 /bin/ftponly 加入到 /etc/shells
/bin/bash
/bin/tcsh
/bin/csh
/bin/ash
/bin/zsh
/bin/ftponly
就行了:-)))))