Update: Open Basedir is already enabled on all accounts.Hello,
Usually PHP open basedir is used here to prevent access.
If you give your users SSH access, then you might consider using ChrootDirectory in /etc/ssh/sshd_config per user.
I am using CL from long time but 7 month ago I found that it was easy to bypass it then I enabled Apache jail. (Different control panel, Not DA)Use CloudLinux then, a commercial OS, it will restrict access.
Does Apache Jail protect against directory browsing in shell scripts?
And are you sure that CageFS in CloudLinux does not protect you against it?