This issue is caused by the directive
RequireValidShell. When set to on (which is the default), Proftpd will not allow users who do not have a shell binary listed in
/etc/shells to login. To solve this problem, either add
/etc/shells OR set
Also, there are some other reasons that preventing users to login. For example, PAM authentication is on by default, you may need to disable it by changing the
By the way, access control list (ACL) is a convenient way to handle file permissions for ftp users.