By default, when you give a user access to the system with a shell, the user can have access to a lot more information that you would like to give out. Especially if the user is not confined to a severly restricted environment, like a chrootjail.

Find out what a user see in your system:

find / -type f -a -perm +006

and what Files it has access to:

find / -type d -a -perm +007