Yes, you can "copy Accounts", but it requires scripting. There is a New Account script step; you must provide a unique name for the Account and a Password.
You cannot "read" the current Accounts. You have no script or functional access to read existing Accounts.* Which is often a PITA, but necessary for security (I suppose). So you would need a table with that information; a "users" table.
I don't know specifically what "security settings" means to you. It is too general a term. There are Privilege Sets, which determine what the group of Accounts with that Privilege Set assigned can do. There are many settings, and many of them are specific to that file, to those tables and fields, layouts, scripts and value lists. So there is no way to "copy" from one file to another; they must be created manually for each file (unless you have some kind of "robot" application to do that).
What you can do is to create the few necessary consistent Privilege Sets, modified to fit that file's objects. Then create Accounts by script in each file, assigning each a consistent Privilege Set in each file. You can have fewer Privilege Sets in small specialized files (such as "Manager" and "User"). In other words, by "consistent" I mean consistent in level of restrictions for the general group of people.
* The only scripted way I know of to see whether an Account exists in a file is to use the Relogin step (which also requires the password). If it succeeds, then that Account and PW are active in that file. If not, you can create it. The Delete Account step requires only the name of the Account. These scripts must [x] Run with Full Access (or the subscript that uses "account" script steps).
This is an example file I created (a long time ago, FileMaker 5 I think).
There is an alternate, more secure method, where you do not store the passwords in the file, but just use a generic one, then use the option [x] "User must change password on next login." Only the user knows their password. If they forget it, then Delete & Create their Account again, in all files. Does not take long.
I would still store their Account Name (except in very secure environments), because the function Get (AccountName) is very useful, and it needs something to compare it to. It can be used to control View and Edit access to table records, via users' Privilege Set record access settings.
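The scripted approach described in the post (a "users" table driving account creation, with a generic password that expires at first login) could look like the following script. This is an added example, not the poster's file. It uses FileMaker's Add Account script step, and the layout name "Users", the fields Users::AccountName, Users::PrivilegeSetName and Users::AccountError, and passing the generic password as the script parameter are all assumptions made for illustration.

```filemaker
# Added example; the layout, field names and script parameter are assumed.
# Enable "Run script with full access privileges" on this script.
Set Error Capture [ On ]
# The generic password is passed in, so it is not stored in a field.
Set Variable [ $tempPassword ; Value: Get ( ScriptParameter ) ]
If [ IsEmpty ( $tempPassword ) ]
    Exit Script [ Text Result: "No temporary password supplied" ]
End If
Go to Layout [ "Users" (Users) ]
Show All Records
If [ Get ( FoundCount ) = 0 ]
    Go to Layout [ original layout ]
    Exit Script [ Text Result: "No users to create" ]
End If
Go to Record/Request/Page [ First ]
Loop
    # The Privilege Set is picked from a list in the step's options,
    # so there is one branch per Privilege Set.
    If [ Users::PrivilegeSetName = "Manager" ]
        Add Account [ Account Name: Users::AccountName ; Password: $tempPassword ; Privilege Set: "Manager" ; Expire password ]
        Set Variable [ $error ; Value: Get ( LastError ) ]
    Else
        # Anything that is not "Manager" gets the more restricted set.
        Add Account [ Account Name: Users::AccountName ; Password: $tempPassword ; Privilege Set: "User" ; Expire password ]
        Set Variable [ $error ; Value: Get ( LastError ) ]
    End If
    # 0 means the Account was created. Any other code (for example
    # because the Account already exists) is kept on the record for review.
    Set Field [ Users::AccountError ; $error ]
    Go to Record/Request/Page [ Next ; Exit after last: On ]
End Loop
Go to Layout [ original layout ]
```

The same script has to exist in each file, with the branches adjusted to the Privilege Sets that file actually defines.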