diff --git a/docs/topic/security.rst b/docs/topic/security.rst
index e540f31..4c98ba7 100644
--- a/docs/topic/security.rst
+++ b/docs/topic/security.rst
@@ -22,6 +22,10 @@ permissions.
 
 #. A home directory is created for the user under ``/home/jupyter-``.
 
+#. The default permission of the home directory is change with ``o-rwx`` (remove
+ non-group members the ability to read, write or list files and folders in the
+ Home directory).
+
 #. No password is set for this unix system user by default. The password used to
 log in to JupyterHub (if using an authenticator that requires a password) is
 not related to the unix user's password in any form.
diff --git a/tljh/user.py b/tljh/user.py
index 6b7ca0c..ef946e3 100644
--- a/tljh/user.py
+++ b/tljh/user.py
@@ -6,6 +6,7 @@ Supports minimal user & group management
 import pwd
 import grp
 import subprocess
+from os.path import expanduser
 
 
 def ensure_user(username):
@@ -27,6 +28,12 @@ def ensure_user(username):
 username
 ])
 
+ subprocess.check_call([
+ 'chmod',
+ 'o-rwx',
+ expanduser('~{username}'.format(username=username))
+ ])
+
 
 def remove_user(username):
 """
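Review bot: The path handed to `chmod` in the last hunk comes from `expanduser('~{username}'.format(username=username))`, which returns its argument unchanged when the account lookup fails, so `chmod` would then be pointed at a literal `~name` path relative to the working directory instead of failing with a clear error. `pwd` is already imported in this file, so `pwd.getpwnam(username).pw_dir` yields the same directory, raises `KeyError` for a missing account, and makes the new `from os.path import expanduser` import unnecessary. The start of `ensure_user` lies outside the hunk; if it returns early for accounts that already exist, home directories created before this change keep their previous mode and would need a one-off pass to tighten them. The mode is also only tightened after the preceding call (presumably the account creation) has finished, so a short comment such as `# home is created with the default mode first; restrict "other" access immediately afterwards` would make that ordering explicit.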