Don't create home publicly readable

World-Readable seem to be a surprising default for many people,
especially in teaching context. Switch to a more reasonable rwxr-x---

We have to issue a chmod, as changing at creation time would require
changin /etc/adduser.conf DIR_MODE=0760 (or whatever), but that seem
unwise.

We do not set the exact permission in case the DIR_MODE is more
restrictive.

Closing #158

tljh/user.py

@@ -6,6 +6,7 @@ Supports minimal user & group management
 import pwd
 import grp
 import subprocess
+from os.path import expanduser
 
 
 def ensure_user(username):
@@ -27,6 +28,12 @@ def ensure_user(username):
         username
     ])
 
+    subprocess.check_call([
+        'chmod',
+        'o-rwx', 
+        expanduser('~{username}'.format(username=username))
+    ])
+
 
 def remove_user(username):
     """