diff --git a/roles/provision_homedir/templates/provision_homedir.py.j2 b/roles/provision_homedir/templates/provision_homedir.py.j2
index bf61ed8464c880aa5baa17837f25a4d860573576..07563cab82a647a84d9a39df47df86cc583419ee 100644
--- a/roles/provision_homedir/templates/provision_homedir.py.j2
+++ b/roles/provision_homedir/templates/provision_homedir.py.j2
@@ -3,6 +3,8 @@ import ldap
 import traceback
 import os
 import stat
+#import shutil
+import subprocess
 
 class ldapSearchConfig:
     def __init__(self):
@@ -18,8 +20,7 @@ class genericUser:
         self.dn=""
         self.cn=""
         self.entry=""
-	self.uid=""
-
+        self.uid=""
 
 def get_users(server):
 #    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,server.cacertfile)
@@ -42,7 +43,6 @@ def get_users(server):
         allusers[dn].entry=attrs
     return allusers
 
-
 def mk_homedir(path,uidNumber,gidNumber):
 	try:
 		statinfo = os.stat(path)
@@ -56,6 +56,37 @@ def mk_homedir(path,uidNumber,gidNumber):
 	else:
 		raise Exception("users homedirectory is not a directory %s"%path)
 
+# adapted from http://stackoverflow.com/questions/5994840/how-to-change-the-user-and-group-permissions-for-a-directory-by-name
+def recursive_chown(path,uidNumber,gidNumber):
+	si = os.stat(path)
+	# just a precaution before we recursively apply uid/gid to a path
+	if si.st_uid != uidNumber or si.st_gid != gidNumber:
+		raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber))
+	for root, dirs, files in os.walk(path):
+		for dname in dirs:
+			os.chown(os.path.join(root, dname), uidNumber, gidNumber)
+		for fname in files:
+			os.chown(os.path.join(root, fname), uidNumber, gidNumber)
+
+def cp_skel(skelroot, path, uidNumber, gidNumber):
+	if skelroot is None:
+		# assumes NO trailing / on the home path or dead meat
+		skelroot = path.rsplit("/", 1)[0]
+	# fix this later if your common/skel is located elsewhere
+	skelpath = os.path.join(skelroot, 'common', 'skel')
+	if os.path.isdir(skelpath):
+		# copy the skel into the user $HOME
+		# os.system("/bin/cp -r %s/* %s" % (skelpath, path))
+		subprocess.call(['/bin/cp', '-r', "%s/*" % skelpath, path])
+		# os.system("/bin/cp %s/\.* %s" % (skelpath, path))
+		subprocess.call(['/bin/cp', "%s/.*" % skelpath, path])
+		# ideally use this, but it assumes 'path' does not exist
+		# shutil.copytree(skelpath, path)
+		# chown to user ownership
+		recursive_chown(path, uidNumber, gidNumber)
+	else:
+		raise Exception("skel path is missing %s" % skelpath)
+
 s=ldapSearchConfig()
 s.ldapserver="{{ ldapURI }}"
 s.binddn="{{ ldapBindDN }}"
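Review bot: `recursive_chown` uses `os.chown`, which follows symbolic links, so a link anywhere under `path` gets its target re-owned, and that target can lie outside the home directory. The walk covers everything already in the directory, not only the files just copied from skel, so both loops should use `os.lchown(os.path.join(root, fname), uidNumber, gidNumber)`. Separately, the two `subprocess.call` lists in `cp_skel` pass `"%s/*"` and `"%s/.*"` without a shell, so `cp` receives the literal pattern, nothing is expanded, and the ignored return code hides the failure. `subprocess.check_call(['/bin/cp', '-r', skelpath + '/.', path])` copies the contents, dotfiles included, in one call and raises on error.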
@@ -65,15 +96,15 @@ s.searchFilter = "{{ search_filter }}"
 homeDirEntry= "{{ homeDirEntry }}"
 mnthome = "{{ mnthome }}"
 
-
 users=get_users(s)
 for user in users:
 	try:
-                if mnthome != "":
-                    path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1]
-                else:
-                    path=users[user].entry[homeDirEntry][0]
-		mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
+		if mnthome != "":
+			path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1]
+		else:
+			path=users[user].entry[homeDirEntry][0]
+		mk_homedir(None, path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
+		cp_skel(None, path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
 	except:
 		print traceback.format_exc()
 		pass
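Review bot: The new call `mk_homedir(None, path, ...)` passes four arguments, but `def mk_homedir(path,uidNumber,gidNumber)` appears as an unchanged context line in this patch and takes three, so the call raises TypeError for every user before `cp_skel` is reached. The bare `except:` only prints the traceback and moves on, so as far as this hunk shows the run provisions nothing and does not signal failure. Drop the extra argument, `mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))`, and narrow the handler to `except Exception:` while recording that a user failed. `path` is also taken from the directory attribute and used unchecked as the target of a copy and a recursive ownership change, so a check that it resolves under the expected home root would be worth adding before either call.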