diff --git a/mirror-wrapper b/mirror-wrapper
index 61be5f4..9f9c532 100755
--- a/mirror-wrapper
+++ b/mirror-wrapper
@@ -3,6 +3,10 @@
 
 # Configuration.
 COMMAND="/opt/bin/mirror"
+DEPOSITORY="/data/depository"
+MIRRORING_USER="mirroring"
+SBOSRCARCH_USER="sbosrcarch"
+DEPOSITORY_GROUP="depository"
 LOGSDIR="/var/log/duplication/mirroring/$(printf "%(%Y/%m)T")"
 LOGFILE="$(printf "%(%Y%m%d-%H%M%S)T")-$$"
 MIN_LOGFILE_SIZE="650"		# Used to prevent unnecessary emails - only messages over this size are sent.
@@ -22,9 +26,22 @@ notify() {
   return 0
 }
 
-# Don't run as root!
-(( $(id -u) == 0 )) && {
-  printf "%s: %s\\n" "${0##*/}" "don't run me as root - it messes up permissions!" >&2
+# Only run for the configured mirroring user.
+[[ "$(whoami)" != "$MIRRORING_USER" ]] && {
+  printf "%s: %s\\n" "${0##*/}" "must be run by the '$MIRRORING_USER' user - use su to run manually" >&2
+  exit 1
+}
+
+# Make sure the logs directory exists.
+# shellcheck disable=SC2174
+mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
+  printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
+  exit 1
+}
+
+# Make sure the command to do the work is runnable.
+[[ ! -x "$COMMAND" ]] && {
+  printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
   exit 1
 }
 
@@ -46,22 +63,22 @@ fi
 # Logs are only for root.
 umask 027
 
-# Make sure the logs directory exists.
-# shellcheck disable=SC2174
-mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
-  printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
-  exit 1
-}
+# Drop the caches as sometimes old user/groups are cached.
+sudo /opt/sbin/drop-caches
 
-# Make sure the command to do the work is runnable.
-[[ ! -x "$COMMAND" ]] && {
-  printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
-  exit 1
-}
-
-# Do the mirroring work.
-"$COMMAND" "$@" >"$LOGSDIR/$LOGFILE" 2>&1
-ERR="$?"
+# Make sure there's no errant ownerships.
+WRONG_PERMS="$(find "$DEPOSITORY" \( \( \! -user "$MIRRORING_USER" -a \! -user "$SBOSRCARCH_USER" \) -o \( \! -group "$DEPOSITORY_GROUP" \) \) -a \! -path "$DEPOSITORY" -printf "%u:%g\t%P\n")"
+if [[ -n "$WRONG_PERMS" ]]; then
+  printf "%s\\n" "This sync has been aborted!" >"$LOGSDIR/$LOGFILE"
+  printf "%s\\n" "The following files in have errant permissions:" >>"$LOGSDIR/$LOGFILE"
+  printf "%s\\n" "$WRONG_PERMS" >>"$LOGSDIR/$LOGFILE"
+  ERR=-1
+else
+  # Do the mirroring work.
+  export MIRRORING_USER
+  sg "$DEPOSITORY_GROUP" -c "$COMMAND" "$@" >"$LOGSDIR/$LOGFILE" 2>&1
+  ERR="$?"
+fi
 
 # Tell the sysadmin what went on.
 if (( "$ERR" == 0 )); then