diff --git a/stages/org.osbuild.users.meta.json b/stages/org.osbuild.users.meta.json
index 0483ac3d..433e7811 100644
--- a/stages/org.osbuild.users.meta.json
+++ b/stages/org.osbuild.users.meta.json
@@ -9,62 +9,64 @@
     "inside a chroot to ensure that a home dir exists for the user, as `usermod`",
     "does not create it (it will move existing dirs though)."
   ],
-  "schema": {
-    "additionalProperties": false,
-    "properties": {
-      "users": {
-        "additionalProperties": false,
-        "type": "object",
-        "description": "Keys are usernames, values are objects giving user info.",
-        "patternProperties": {
-          "^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,31}$": {
-            "type": "object",
-            "properties": {
-              "uid": {
-                "description": "User UID",
-                "type": "number"
-              },
-              "gid": {
-                "description": "User GID",
-                "type": "number"
-              },
-              "groups": {
-                "description": "Array of group names for this user",
-                "type": "array",
-                "items": {
+  "schema_2": {
+    "options": {
+      "additionalProperties": false,
+      "properties": {
+        "users": {
+          "additionalProperties": false,
+          "type": "object",
+          "description": "Keys are usernames, values are objects giving user info.",
+          "patternProperties": {
+            "^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,31}$": {
+              "type": "object",
+              "properties": {
+                "uid": {
+                  "description": "User UID",
+                  "type": "number"
+                },
+                "gid": {
+                  "description": "User GID",
+                  "type": "number"
+                },
+                "groups": {
+                  "description": "Array of group names for this user",
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "description": {
+                  "description": "User account description (or full name)",
                   "type": "string"
-                }
-              },
-              "description": {
-                "description": "User account description (or full name)",
-                "type": "string"
-              },
-              "home": {
-                "description": "Path to user's home directory",
-                "type": "string"
-              },
-              "shell": {
-                "description": "User's login shell",
-                "type": "string"
-              },
-              "password": {
-                "description": "User's encrypted password, as returned by crypt(3)",
-                "type": "string"
-              },
-              "key": {
-                "description": "SSH Public Key to add to ~/.ssh/authorized_keys",
-                "type": "string"
-              },
-              "keys": {
-                "description": "Array of SSH Public Keys to add to ~/.ssh/authorized_keys",
-                "type": "array",
-                "items": {
+                },
+                "home": {
+                  "description": "Path to user's home directory",
                   "type": "string"
+                },
+                "shell": {
+                  "description": "User's login shell",
+                  "type": "string"
+                },
+                "password": {
+                  "description": "User's encrypted password, as returned by crypt(3)",
+                  "type": "string"
+                },
+                "key": {
+                  "description": "SSH Public Key to add to ~/.ssh/authorized_keys",
+                  "type": "string"
+                },
+                "keys": {
+                  "description": "Array of SSH Public Keys to add to ~/.ssh/authorized_keys",
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "expiredate": {
+                  "description": "The date on which the user account will be disabled. This date is represented as a number of days since January 1st, 1970.",
+                  "type": "integer"
                 }
-              },
-              "expiredate": {
-                "description": "The date on which the user account will be disabled. This date is represented as a number of days since January 1st, 1970.",
-                "type": "integer"
               }
             }
           }
diff --git a/stages/test/test_users.py b/stages/test/test_users.py
index ce41a3d1..a3889c3c 100644
--- a/stages/test/test_users.py
+++ b/stages/test/test_users.py
@@ -4,10 +4,35 @@ from unittest.mock import patch
 
 import pytest
 
-from osbuild.testutil import make_fake_tree, mock_command
+from osbuild.testutil import assert_jsonschema_error_contains, make_fake_tree, mock_command
+
 
 STAGE_NAME = "org.osbuild.users"
 
+
+@pytest.mark.parametrize("test_data,expected_err", [
+    # bad
+    ({"users": {"!invalid-name": {}}}, "'!invalid-name' does not match any of the regex"),
+    ({"users": {"foo": {"home": 0}}}, "0 is not of type 'string'"),
+    # good
+    ({}, ""),
+    ({"users": {"foo": {}}}, ""),
+])
+def test_schema_validation(stage_schema, test_data, expected_err):
+    test_input = {
+        "type": STAGE_NAME,
+        "options": {},
+    }
+    test_input["options"].update(test_data)
+    res = stage_schema.validate(test_input)
+
+    if expected_err == "":
+        assert res.valid is True, f"err: {[e.as_dict() for e in res.errors]}"
+    else:
+        assert res.valid is False
+        assert_jsonschema_error_contains(res, expected_err, expected_num_errs=1)
+
+
 TEST_CASES = [
     # user_opts,expected commandline args
     ({}, []),