I have been through the same pain. I also looked at the IBM AIX anonymous script sent with AIX and was NOT keen to have an anonymous user on my system. Finally found what I was looking for, set your user as you have done with only ftp access. Then it is actually very simple, there are 2 ftp config files (both standard txt files):
/etc/ftpusers
/etc/ftpaccess.ctl
The first file I'm sure you know, it just restricts ftp access to any user listed in that file:
#>cat ftpusers
#The follwoing list of users will be restricted from ftp login
root
bin
uucp
ingres
daemon
news
nobody
anonymous
The second file is what you are looking for. There is actullay a full detailed description of how and what to set in the file if just run a man on ftpd. I felt kind of stupid after searching to the end of the web for this info and I found it already detailed in AIX. But not many people know of it? Anyway here is an example of what you would set in the ftpaccess.ctl if you wanted user "ftp" to have login to "/home/ftp", the user will be able to change directory forward but not backwards. Also when user ftp logs in and runs pwd it will show only "/" and not "/home/ftp".
#>cat ftpaccess.ctl
useronly: ftp
readwrite: /home/ftp
This is an absoulte winner. No extra non-AIX software or hacks or annonymous users. I used it on AIX 5.3 TL 06 and had no major issues. I did find that I couldn't get all the functions in the ftpaccess.ctl file to work correctly (dent, thats why I used in conjection with ftpusers). I actually think this comes from Linux and I am not sure what versions of AIX do and don't support this setup. So give it a bash