By default, when you give a user access to the system with a shell, the user can have access to a lot more information that you would like to give out. Especially if the user is not confined to a severly restricted environment, like a chrootjail.
Find out what a user see in your system:
find / -type f -a -perm +006
and what Files it has access to:
find / -type d -a -perm +007