diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost
index 767bc419b..5a3d4bc3b 100755
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@@ -123,6 +123,11 @@ do_post_regen() {
 setfacl -m g:all_users:--- /etc/yunohost
 setfacl -m g:all_users:--- /etc/ssowat
+for USER in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username')
+do
+[ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- /home/$USER
+done
+
 # Misc configuration / state files
 chown root:root $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)
 chmod 600 $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)
diff --git a/src/yunohost/user.py b/src/yunohost/user.py
index 7f8f2dc35..b0c14ac39 100644
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@@ -215,6 +215,11 @@ def user_create(operation_logger, username, firstname, lastname, mail, password,
 logger.warning(m18n.n('user_home_creation_failed'), exc_info=1)
+try:
+subprocess.check_call(["setfacl", "-m", "g:all_users:---", "/home/%s" % username])
+except subprocess.CalledProcessError:
+logger.warning("Failed to protect /home/%s" % username, exc_info=1)
+
 # Create group for user and add to group 'all_users'
 user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
 user_group_update(groupname='all_users', add=username, force=True, sync_perm=True)
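Review bot: The loop variable `USER` in the new `for` at the top of the hunk shadows the shell's standard `$USER` environment variable, so after the loop `$USER` holds the last YunoHost account name instead of the invoking user for the rest of do_post_regen, and `/home/$USER` in the setfacl call is unquoted while the `-e` test on the same line quotes it. A lower-case name and consistent quoting fix both: `for user in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username')` and `[ ! -e "/home/$user" ] || setfacl -m g:all_users:--- "/home/$user"`. Note also that `[ -e ]` is true for a symlink and setfacl follows links by default, so a home that is a link would get the ACL on its target; `[ -d ]` or `setfacl -P` would be stricter if that case can occur here. If `yunohost user list` or `jq` fails the command substitution is empty and the loop silently protects nothing, so a comment such as `# best-effort: an empty user list (e.g. LDAP down) leaves homes unprotected until the next regen` would help the next reader. do_post_regen starts and ends outside the hunk.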
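Review bot: The new `except` at the end of the hunk catches only `subprocess.CalledProcessError`, so if the `setfacl` binary is missing or not executable the resulting `OSError` escapes `user_create` between the home-directory step above and the group creation below, leaving the account partly set up; `except (subprocess.CalledProcessError, OSError):` keeps the call best-effort in both cases. The call is also unconditional, so when the home-creation branch just above has already logged `user_home_creation_failed` it will fail again and log a second warning for the same root cause — guarding it with `if os.path.isdir("/home/%s" % username):` (assuming `os` is imported in this module) or moving it into the success path of that block would be cleaner, though that block starts outside the hunk. The warning is a literal English string where the adjacent code uses `m18n.n(...)` keys, which looks inconsistent with the file's convention. Since the ACL is applied only after the directory exists, there is presumably a short window in which an `all_users` member can traverse the new home if it was created with a permissive mode; a comment like `# applied after creation: brief window before the deny ACL takes effect` would make that trade-off explicit. user_create starts and ends outside the hunk.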