diff --git a/wbstore/GNUmakefile.in b/wbstore/GNUmakefile.in
index 7ff1384df738b6159e827b6a794ab5ca7cc96811..41a6c46ba57502ca4c95a52031f1474cda9226c0 100644
--- a/wbstore/GNUmakefile.in
+++ b/wbstore/GNUmakefile.in
@@ -30,17 +30,19 @@ ISMAINSITE	= @TBMAINSITE@
 include $(OBJDIR)/Makeconf
 
 ifeq ($(ISMAINSITE),1)
-BOSS_SBIN_FILES = createwbstore destroywbstore
+BOSS_SBIN_SCRIPTS =
+SETUID_SBIN_SCRIPTS = createwbstore destroywbstore
 BOSS_LIB_FILES  = WBStore.pm
 BOSS_DATA_FILES	= send-template.xml recv-template.xml \
 		  recv-device-template.xml recv-folder-template.xml
-OPS_SBIN_FILES  = installwbstore wbstoremonitor
+OPS_SBIN_SCRIPTS  = installwbstore wbstoremonitor
 OPS_LIB_FILES	= WBStore.pm
 else
-BOSS_SBIN_FILES = wbstoremonitor installwbstore
+BOSS_SBIN_SCRIPTS = wbstoremonitor installwbstore
+SETUID_SBIN_SCRIPTS = 
 BOSS_LIB_FILES  = WBStore.pm
 BOSS_DATA_FILES =
-OPS_SBIN_FILES  = 
+OPS_SBIN_SCRIPTS  = 
 OPS_LIB_FILES	= 
 endif
 INSTALL_DATADIR = $(INSTALL_TOPDIR)/wbstore/templates
@@ -49,7 +51,7 @@ INSTALL_DATADIR = $(INSTALL_TOPDIR)/wbstore/templates
 # Force dependencies on the scripts so that they will be rerun through
 # configure if the .in file is changed.
 # 
-all: $(BOSS_SBIN_FILES) $(OPS_SBIN_FILES) $(BOSS_LIB_FILES) $(OPS_LIB_FILES) $(BOSS_DATA_FILES)
+all: $(BOSS_SBIN_SCRIPTS) $(OPS_SBIN_SCRIPTS) $(SETUID_SBIN_SCRIPTS) $(BOSS_LIB_FILES) $(OPS_LIB_FILES) $(BOSS_DATA_FILES)
 
 include $(TESTBED_SRCDIR)/GNUmakerules
 
@@ -61,16 +63,19 @@ ifeq ($(ISMAINSITE),1)
 	-mkdir -m 750 -p $(INSTALL_DIR)/opsdir/wbstore/tarballs
 endif
 
-install: install-dirs $(addprefix $(INSTALL_SBINDIR)/, $(BOSS_SBIN_FILES)) \
+boss-install: install
+
+install: install-dirs $(addprefix $(INSTALL_SBINDIR)/, $(BOSS_SBIN_SCRIPTS)) \
+	$(addprefix $(INSTALL_SBINDIR)/, $(SETUID_SBIN_SCRIPTS)) \
 	$(addprefix $(INSTALL_LIBDIR)/, $(BOSS_LIB_FILES)) \
 	$(addprefix $(INSTALL_DATADIR)/, $(BOSS_DATA_FILES)) \
-	$(addprefix $(INSTALL_DIR)/opsdir/sbin/, $(OPS_SBIN_FILES)) \
+	$(addprefix $(INSTALL_DIR)/opsdir/sbin/, $(OPS_SBIN_SCRIPTS)) \
 	$(addprefix $(INSTALL_DIR)/opsdir/lib/, $(OPS_LIB_FILES))
 
 control-install:
 
 clean: 
-	rm -f $(BOSS_SBIN_FILES) $(OPS_SBIN_FILES) $(BOSS_LIB_FILES) $(OPS_LIB_FILES) $(BOSS_DATA_FILES)
+	rm -f $(BOSS_SBIN_SCRIPTS) $(SETUID_SBIN_SCRIPTS) $(OPS_SBIN_SCRIPTS) $(BOSS_LIB_FILES) $(OPS_LIB_FILES) $(BOSS_DATA_FILES)
 
 $(INSTALL_DATADIR)/%: %
 	@echo "Installing $<"
diff --git a/wbstore/createwbstore.in b/wbstore/createwbstore.in
index 96d389f616e046d1bc64b3aa32c11a55e1fa8feb..8f671ec8e0eba5eef48eb08b6385faf40ac90370 100644
--- a/wbstore/createwbstore.in
+++ b/wbstore/createwbstore.in
@@ -173,6 +173,21 @@ if (defined($options{o})) {
     }
 }
 
+#
+# We do not want to run this script unless its the real version.
+#
+if ($EUID != 0) {
+    fatal("Must be setuid! Maybe its a development version?");
+}
+
+#
+# This script is setuid, so please do not run it as root. Hard to track
+# what has happened.
+# 
+if ($UID == 0) {
+    fatal("Please do not run this as root! Its already setuid!");
+}
+
 if (@ARGV == 0) {
     print STDERR "Must specify an experiment UUID or one or more aggregate domains\n";
     usage();
diff --git a/wbstore/destroywbstore.in b/wbstore/destroywbstore.in
index 07752f4ea5347c33cfa1f7216a0896e54296a09e..e04d3471ca008596ed75a7e75aa98abaf03e2a2b 100644
--- a/wbstore/destroywbstore.in
+++ b/wbstore/destroywbstore.in
@@ -108,16 +108,26 @@ if (@ARGV != 1) {
     usage();
 }
 
-# This should always run as root.
-if ($UID != 0) {
-    fatal("Only root can run this script!");
-}
-
 $exptuuid = parseinstance($ARGV[0], 1);
 if (!$exptuuid) {
     fatal("$exptuuid: Not a valid experiment UUID\n");
 }
 
+#
+# We do not want to run this script unless its the real version.
+#
+if ($EUID != 0) {
+    fatal("Must be setuid! Maybe its a development version?");
+}
+
+#
+# This script is setuid, so please do not run it as root. Hard to track
+# what has happened.
+# 
+if ($UID == 0) {
+    fatal("Please do not run this as root! Its already setuid!");
+}
+
 #
 # See if it is a valid current or past instance
 #
@@ -190,11 +200,10 @@ if ($background) {
 # For all aggregates, we run on "boss"
 @fqdns = map { "boss.$_" } @fqdns;
 
-# "Validate" node names, including server
 #
 # Try once to push out the the state to each aggregate. Since aggregates
 # may not be up at the time of our call, this may not succeed.
-# We do ops first, since it is the one that matter most.
+# We do ops first, since it is the one that matters most.
 #
 foreach my $h ($SERVER, @fqdns) {
     my ($host, $domain) = parsehostname($h);