diff --git a/sbosrcarch-wrapper b/sbosrcarch-wrapper
index cb37760..d4d749b 100755
--- a/sbosrcarch-wrapper
+++ b/sbosrcarch-wrapper
@@ -3,6 +3,9 @@
 # Configuration.
 COMMAND="/opt/bin/sbosrcarch"
+DEPOSITORY="/data/depository/sbosrcarch"
+SBOSRCARCH_USER="sbosrcarch"
+DEPOSITORY_GROUP="depository"
 LOGSDIR="/var/log/duplication/sbosrcarch/$(printf "%(%Y/%m)T")"
 LOGFILE="$(printf "%(%Y%m%d-%H%M%S)T")-$$"
 # Where from/to to send emails. Comment for no emailing.
@@ -22,9 +25,25 @@ notify() {
 return 0
 }
-# Don't run as root!
-(( $(id -u) == 0 )) && {
- printf "%s: %s\\n" "${0##*/}" "don't run me as root - it messes up permissions!" >&2
+# Logs are only for root.
+umask 027
+
+# Only run for the configured sbosrcarch user.
+[[ "$(whoami)" != "$SBOSRCARCH_USER" ]] && {
+ printf "%s: %s\\n" "${0##*/}" "must be run by the '$SBOSRCARCH_USER' user - use su to run manually" >&2
+ exit 1
+}
+
+# Make sure the logs directory exists.
+# shellcheck disable=SC2174
+mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
+ printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
+ exit 1
+}
+
+# Make sure the command to do the work is runnable.
+[[ ! -x "$COMMAND" ]] && {
+ printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
 exit 1
 }
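Review bot: The comment `# Logs are only for root.` above `umask 027` no longer matches the script, because the check added right below it exits unless the caller is `$SBOSRCARCH_USER`, so every log file and directory is created by that account rather than by root. With umask 027 and `mkdir -p -m 750` the logs end up readable by that user and by the group the wrapper shell runs under, so I would reword the comment to `# Logs are readable only by $SBOSRCARCH_USER and its group.`. The `2>/dev/null` on the `mkdir` also hides the reason for a failure, which is presumably now more likely since the log tree has to be writable by a non-root account; a short comment saying which ownership the parent directory needs would help whoever sets this up.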
@@ -43,27 +62,24 @@ if [[ "$FLOCK" != "$0" ]]; then
 fi
 fi
-# Logs are only for root.
-umask 027
+# Drop the caches as sometimes old user/groups are cached.
+sudo /opt/sbin/drop-caches
-# Make sure the logs directory exists.
-# shellcheck disable=SC2174
-mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
- printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
- exit 1
-}
-
-# Make sure the command to do the work is runnable.
-[[ ! -x "$COMMAND" ]] && {
- printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
- exit 1
-}
-
-# Do the sbosrcarch work.
-"$COMMAND" "${@:-update}" >"$LOGSDIR/$LOGFILE" 2>&1
-ERR="$?"
-printf "\\n" >>"$LOGSDIR/$LOGFILE"
-"$COMMAND" "status" >>"$LOGSDIR/$LOGFILE" 2>&1
+# Make sure there's no errant ownerships.
+#WRONG_PERMS="$(find "$DEPOSITORY" \( \! -user "$SBOSRCARCH_USER" -o \! -group "$DEPOSITORY_GROUP" \) -a \! -path "$DEPOSITORY" -printf "%u:%g\t%P\n")"
+if [[ -n "$WRONG_PERMS" ]]; then
+ printf "%s\\n" "This run has been aborted!" >"$LOGSDIR/$LOGFILE"
+ printf "%s\\n" "The following files in have errant permissions:" >>"$LOGSDIR/$LOGFILE"
+ printf "%s\\n" "$WRONG_PERMS" >>"$LOGSDIR/$LOGFILE"
+ ERR=-1
+else
+ # Do the sbosrcarch work.
+ sg "$DEPOSITORY_GROUP" -c "$COMMAND ${1:-update}" >"$LOGSDIR/$LOGFILE" 2>&1
+ ERR="$?"
+ printf "\\n" >>"$LOGSDIR/$LOGFILE"
+ sg "$DEPOSITORY_GROUP" -c "$COMMAND status" >>"$LOGSDIR/$LOGFILE" 2>&1
+ (( ERR += $? ))
+fi
 # Tell the sysadmin what went on.
 if (( "$ERR" == 0 )); then
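Review bot: The ownership guard can never fire as written, because the line that assigns `WRONG_PERMS` is commented out (`#WRONG_PERMS="$(find …)"`) while `if [[ -n "$WRONG_PERMS" ]]` still tests it; the variable is empty unless it leaks in from the caller's environment, so the run always proceeds and `DEPOSITORY` from the first hunk is never used. Either restore the assignment or remove the branch, and if it is restored, treat a failing `find` as an abort too, since an empty result from a failed scan would otherwise read as "nothing wrong". The two `sg "$DEPOSITORY_GROUP" -c "$COMMAND ${1:-update}"` calls also paste `$1` into a string that `sg` hands to a shell, so an argument with spaces or shell metacharacters is re-parsed and anything after the first argument is silently dropped, unlike the removed `"${@:-update}"`; checking `${1:-update}` against the known sub-commands with a `case` before the call would keep that string fixed. The abort message `The following files in have errant permissions:` is missing the path, presumably `$DEPOSITORY`, and `sudo /opt/sbin/drop-caches` runs with its exit status ignored and its output outside the log, so `sudo -n` plus a check would make an unattended failure visible.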