Ok... I installed new Debian 9. After that I installed Virtualmin from the installation script.
My big, BIG question is: Why going through default installation and only changing MySQL server's RAM usage from 2GB to 256MB it allows the very first user to read directories such as /etc, /var? Why does it have to be turned on by default and WHY for the sake of security it is not set up correctly?
I would like to finally solve this problem once and forever so please guide me WHAT OPTION do I skip when doing default installation so the first user (domain that I park in Virtualmin) won't be able to browse server files! And please fix that cause it wasn't happening 7 years ago when I started to use Virtualmin.