diff --git a/deploy_authorized_keys.yml b/deploy_authorized_keys.yml
index acc0f1c..6895ecf 100644
--- a/deploy_authorized_keys.yml
+++ b/deploy_authorized_keys.yml
@@ -1,15 +1,29 @@
 ---
 - hosts: all
   tasks:
+  - name: make sure user pi exists
+    become: true
+    ansible.builtin.user:
+      name: pi
+      groups: adm,cdrom,dip,plugdev,lxd,users,sudo
   - name: make direcotry
+    become: true
     file:
       path: "/home/pi/.ssh"
+      owner: pi
+      group: pi
+      mode: '0700'
       state: directory
   - name: create empty file
+    become: true
     file:
       path: "/home/pi/.ssh/authorized_keys"
+      owner: pi
+      group: pi
+      mode: '0644'
       state: touch
   - name: put pubkey
+    become: true
     lineinfile:
       path: "/home/pi/.ssh/authorized_keys"
       line: "{{ pubkey }}"