diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost
index 0a92a6a32..204b33b7d 100755
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@@ -155,6 +155,11 @@ do_post_regen() {
 setfacl -m g:all_users:--- /etc/yunohost
 setfacl -m g:all_users:--- /etc/ssowat
+ for USER in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username')
+ do
+ [ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- /home/$USER
+ done
+
 # Misc configuration / state files
 chown root:root $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)
 chmod 600 $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)
diff --git a/src/yunohost/user.py b/src/yunohost/user.py
index 089f2ba0e..755bbd6ee 100644
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@@ -229,6 +229,11 @@ def user_create(
 if not os.path.isdir("/home/{0}".format(username)):
 logger.warning(m18n.n("user_home_creation_failed"), exc_info=1)
+ try:
+ subprocess.check_call(["setfacl", "-m", "g:all_users:---", "/home/%s" % username])
+ except subprocess.CalledProcessError:
+ logger.warning("Failed to protect /home/%s" % username, exc_info=1)
+
 # Create group for user and add to group 'all_users'
 user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
 user_group_update(groupname="all_users", add=username, force=True, sync_perm=True)
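Review bot: `/home/$USER` in the new `setfacl` call is unquoted, and the loop assigns to `USER`, a name login shells normally export as the invoking user, so any later command in the hook that reads `$USER` would see the last listed username instead; prefer a lowercase variable and quoting: `for user in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username')` and `[ ! -e "/home/$user" ] || setfacl -m g:all_users:--- "/home/$user"`. If `yunohost user list` or `jq` fails, the command substitution yields an empty word list and the loop silently does nothing, so no home directory gets the ACL and nothing is logged; consider capturing the output into a variable first and checking the exit status before iterating. The `-e` test follows symlinks, so a home entry that is a symlink would have the ACL applied to its target; whether that is intended is not visible here. do_post_regen's body continues outside the hunk.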
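Review bot: The new `setfacl` call runs even when the preceding `isdir` check has just found that `/home/<username>` was not created, so that failure path logs `user_home_creation_failed` and then a second "Failed to protect" warning for the same root cause; wrap the new `try` block in an `else:` branch of that `if` so the ACL is only applied when the directory exists. The adjacent lines build the same path two ways (`"/home/{0}".format(username)` on the context line, `"/home/%s" % username` in the added lines); pick one form. Passing the argument list to `check_call` rather than a shell string keeps `username` out of shell interpolation, which is the right choice here; it assumes `subprocess` is already imported at module level, which the hunk does not show. user_create's body starts and continues outside the hunk.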