DSM-G600, DNS-3xx and NSA-220 Hack Forum

Hi,

I'm using proftpd from ffp 0.5.
All the config is ok, ftp is running well.

But I have a problem.

If I create a generic user with a generic group this user can connect to ftp with standard procedure of login & password.
But, as I can see from /etc/passwd he can connect also with a shell, ssh for example.
So even if I chroot the user to their home, with the shell the user can navigate wherever he want.
If I disable the shell from passwd (/bin/false) he can't connect to ftp.

So I've read that I can use an external AuthUserFiles and AuthUserGroup in addition to /etc/passwd, where I can store other users and stop them from using the shell.
But I don't know how to create it I know that it's in the same format of passwd, but manually I don't know what I have to do.
I've seen a proftptools that makes it, but it seems written in perl and I don't think I can use it with dns323.

Any idea or suggestion?
What kind of users do you have configured in your ftp? All with shell access?