I just tested the SSH login of an account that should not have ssh access outside the /home/ directory.
However, it appears it does.
I cannot access the other Virtual Server directory but I can access everything including /etc/webmin/ and so on.
I … feel this is largely insecure
While I cannot view the contents of said files. I certainly don’t want to allow access to other directories.
What do I need to do to restrict this?
That’s unfortunately not possible (or at least, simple) to setup:
https://www.virtualmin.com/node/12308
What your users are seeing is allowed by the typical UNIX/Linux permissions. You can always change the permissions on files/dirs you don’t want them to be able to see.
Barring that, you might just need to prevent SSH access altogether for some users.
-Eric
Troublesome, but not impossible.
Would be nice if the feature is inherently set by default to jail you to your /home/ directory…
Doesn’t look so hard to do…
http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html
/me configures.
EDIT:
This will at least allow SCP / SFTP without SSH access (I wonder if I can include jailed SSH access?) either way.
Win for me… 
Actually… I would highly recommend the above.
Gives users on your server access to SCP / SFTP without having to setup SSL for FTP.
But does not allow SSH login!
Tested and works beautifully!