Você também precisa adicionar esta opção de configuração:
userlist_enable=YES
Detalhes
userlist_deny — When used in conjunction with the userlist_enable directive and set to NO, all local users are denied access unless the username is listed in the file specified by the userlist_file directive. Because access is denied before the client is asked for a password, setting this directive to NO prevents local users from submitting unencrypted passwords over the network.
The default value is YES.
userlist_enable — When enabled, the users listed in the file specified by the userlist_file directive are denied access. Because access is denied before the client is asked for a password, users are prevented from submitting unencrypted passwords over the network.
The default value is NO, however under Red Hat Enterprise Linux the value is set to YES.
userlist_file — Specifies the file referenced by vsftpd when the userlist_enable directive is enabled.