diff --git a/roles/base/files/system_setup/validate-rsync.sh b/roles/base/files/system_setup/validate-rsync.sh
index 4b223f9..b01561a 100755
--- a/roles/base/files/system_setup/validate-rsync.sh
+++ b/roles/base/files/system_setup/validate-rsync.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-case "${SSH_ORIGINALCOMMAND}" in
+case "${SSH_ORIGINAL_COMMAND}" in
 	*\&*)
 		echo "Rejected 1"
 		;;
diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml
index 42dc33d..3594b42 100644
--- a/roles/base/tasks/users/root.yml
+++ b/roles/base/tasks/users/root.yml
@@ -24,6 +24,12 @@
   with_file:
     - public_keys/backup_ed25519.pub
 
+- name: users | root | copy ~/validate-rsync.sh
+  copy:
+    dest: "{{ getent_passwd[user][4] }}/validate-rsync.sh"
+    src: "validate-rsync.sh"
+    mode: "0744"
+
 # - name: users | root | install private ssh keys
 #   copy:
 #     dest: "/root/.ssh/"