When I set SSH Access to "enabled" for a user, I see that this user is able to read /etc, /home, etc.
Is it secure? Everybody can read all root level files with this.
Each file in Linux/BSD has three general permissions:
User, Group, Other
The first number represents what the owner of the file (whoever created it or was later changed to own it) can do with it, the second number represents what the other users from the same group can do with it, and the Other is for everybody else.
The numbers can be anything from 1 to 7. And they are calculated by the following math:
4 - r (Read)
2 - w (Write)
1 - x (eXecute)
So here they go:
0 - nothing
1 - execute
2 - write
3 (2+1) - execute and write
4 - read
5 (4+1) - read and execute
6 (4+2) - read and write
7 (4+2+1) - read, write and execute.
If you check the permissions of the files in your OS, you will notice that most of them are "read only" or "read and execute" for "Other" and the owner is "root" with group "wheel". Your users are running as user "username" and group "username" (so different group than the root user) - they fall under the permissions of "Other".
For example they can eventually run programs and read some configuration files, but they cannot modify them and change the server software.
Some files however are dangerous and your users must NOT have access to them. That's for example the /etc/master.passwd file (contains hashed passwords of all users in the system) or /etc/proftpd.passwd (contains all FTP passwords), etc. These files have permissions "0" for "Other", which means that your users will not be able to access them. Usually all permissions are set like that by default - important files which could cause security risk are not readable for your users.
Furthermore you do not want your users to read each other's files. You don't want the users to be able to download the source code of the websites of other users - they can not only contain copyrighted or private information, but also configuration files with plain text passwords for databases for example. Well here everything is fine thanks to DirectAdmin - if you check your /home directory, you will see that every user folder has user "username" and group "access", with permissions 710:
- The user can do whatever he wants in his own directory
- Only execute is given to the "access" group
- Others can't do anything
The user "username" is himself created with group "username" and he is not a member of the "access" group. This means that one user is "Other" for another. So one user can't do anything inside another user's directory. Try it.
Now... "is it secure". Usually yes. If you don't make any mistakes (like messing with permissions of important files) it should be OK. The modern systems however have hardware vulnerabilities - Meltdown and Spectre. There are still not many practical demonstrations of tools which can do much damage... but who knows...
So do NOT give SSH access to everybody by default. Make it an "exceptional service" - only to valuable customers who are people you know well. Tell others that they should invest in VPS.
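The User/Group/Other check and the 710 home-directory layout described in the answer above, as an added example that is not part of the original posts: it decodes which class applies to an account and audits a directory tree for homes that grant anything to Other. The uid/gid numbers, the names alice and bob, and the temporary directory are constructed for illustration.

```python
import os
import stat
import tempfile

SHIFT = {"user": 6, "group": 3, "other": 0}

def permission_class(file_uid, file_gid, uid, gids):
    """Pick the single class the kernel checks: first match wins, no fall-through."""
    if uid == file_uid:
        return "user"
    if file_gid in gids:
        return "group"
    return "other"

def rwx(mode, cls):
    """Decode one octal digit (4=r, 2=w, 1=x) of a mode such as 0o710."""
    digit = (mode >> SHIFT[cls]) & 0o7
    return "".join(ch if digit & bit else "-" for ch, bit in (("r", 4), ("w", 2), ("x", 1)))

def access(mode, file_uid, file_gid, uid, gids):
    """Access a non-root account gets to a file (uid 0 bypasses these checks)."""
    return rwx(mode, permission_class(file_uid, file_gid, uid, gids))

def audit_homes(base):
    """Return (name, mode) for each directory under base granting any bit to Other."""
    findings = []
    for name in sorted(os.listdir(base)):
        st = os.lstat(os.path.join(base, name))
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISDIR(st.st_mode) and mode & 0o007:
            findings.append((name, oct(mode)))
    return findings

def sample_audit():
    """Constructed sample tree: 'alice' is 710 as in the post, 'bob' was loosened to 755."""
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("alice", 0o710), ("bob", 0o755)):
            os.mkdir(os.path.join(base, name))
            os.chmod(os.path.join(base, name), mode)
        return audit_homes(base)

if __name__ == "__main__":
    # Constructed ids: alice=1001, bob=1002, group "access"=990.
    print(access(0o710, 1001, 990, 1002, {1002}))  # bob on alice's home
    print(access(0o710, 1001, 990, 1001, {1001}))  # alice on her own home
    print(sample_audit())
```

Running `audit_homes("/home")` on a real server lists any home directory whose mode has drifted from 710 and now exposes something to other shell users.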