diff --git a/pwrap.c b/pwrap.c
new file mode 100644
index 0000000..2927ee3
--- /dev/null
+++ b/pwrap.c
@@ -0,0 +1,68 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifndef CGISCRIPT_PATH
+#define CGISCRIPT_PATH "./s4.cgi"
+#endif
+
+int main(int argc, char *argv[])
+{
+ char *path=malloc(strlen(argv[0]));
+ char *p;
+ uid_t euid = geteuid();
+ struct stat st;
+ if (0 == euid) {
+ fputs("Do not call this program with suid 0\n", stderr);
+ exit(0);
+ }
+ strcpy(path, argv[0]);
+ p = strrchr(path, '/');
+ if (p) {
+ *p = '\0';
+ } else {
+ fputs("Cannot detect the directory where this program located.\n", stderr);
+ exit(1);
+ }
+
+ if (-1 == chdir(path)) {
+ fprintf(stderr, "Cannot chdir to %s\n", path);
+ exit(2);
+ }
+ if (0 > stat(CGISCRIPT_PATH, &st)) {
+ fprintf(stderr, "Cannot access %s\n", CGISCRIPT_PATH);
+ exit(3);
+ }
+ if (st.st_uid != euid) {
+ fputs("UID of cgi program mismatch\n", stderr);
+ fputs("Do chown so that wrapper and cgi files' uid matches.\n", stderr);
+ exit(4);
+ }
+ if (st.st_mode & (S_IWGRP | S_IWOTH)) {
+ fputs("This program is writable for group/others.\n", stderr);
+ fputs("Do chmod og-w for installed cgi-program.\n", stderr);
+ exit(5);
+ }
+ if (0 > stat(".", &st)) {
+ fputs("Cannot stat current directory\n", stderr);
+ fputs("Please ensure installed directory is readable.\n", stderr);
+ exit(6);
+ }
+/*
+ if (st.st_uid != euid) {
+ fputs("UID of directory mismatch\n", stderr);
+ fputs("Do chown so that wrapper and directorys' uid matches.\n", stderr);
+ exit(7);
+ }
+*/
+ if (st.st_mode & (S_IWGRP | S_IWOTH)) {
+ fputs("This directory is writable for group/others.\n", stderr);
+ fputs("Do chmod og-w for installed directory.\n", stderr);
+ exit(8);
+ }
+ argv[0] = CGISCRIPT_PATH;
+ execv(CGISCRIPT_PATH, argv);
+}
diff --git a/s4-start.sh b/s4-start.sh
index d489ec4..bee9b12 100755
--- a/s4-start.sh
+++ b/s4-start.sh
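Review bot: In `pwrap.c`, `malloc(strlen(argv[0]))` at the top of `main` is one byte short for the `strcpy(path, argv[0])` that follows, so the terminating NUL lands past the end of the heap buffer, and neither the allocation result nor `argc` is checked before `argv[0]` is read. Because s4-start.sh installs this binary with `chmod u+s`, the allocation should add one for the terminator and be checked, and a failed `execv` should report the error and return non-zero instead of falling off the end of `main`. Separately, `argv[0]` is supplied by whoever executes the wrapper, so the directory given to `chdir` and the relative `CGISCRIPT_PATH` are caller-controlled, and with the directory-owner check commented out only the script's owner and mode are verified; a compile-time absolute install directory would remove that dependency. The environment is also passed to the script unchanged.

```c
int main(int argc, char *argv[])
{
    char *path;
    /* … unchanged: p, euid, st declarations and the euid == 0 check … */
    if (argc < 1 || argv[0] == NULL) {
        fputs("Cannot detect the directory where this program located.\n", stderr);
        exit(1);
    }
    path = malloc(strlen(argv[0]) + 1);   /* +1 for the terminating NUL */
    if (path == NULL) {
        fputs("Out of memory\n", stderr);
        exit(1);
    }
    strcpy(path, argv[0]);
    /* … unchanged: strrchr/chdir and the stat checks … */
    argv[0] = CGISCRIPT_PATH;
    execv(CGISCRIPT_PATH, argv);
    perror(CGISCRIPT_PATH);               /* reached only when execv fails */
    return 9;
}
```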
@@ -89,7 +89,16 @@ -D_CASE_=$casefile s4.cgi.m4 > index.cgi && chmod +x index.cgi (echo "ADMIN=$ADMIN" [ "$guest" ] && echo "guestonlymode=1") >> s4-config.sh - rc=0 + sq $db "REPLACE INTO user VALUES('$ADMIN');" + cat > .htaccess <<-EOF + DirectoryIndex index.cgi + AddHandler cgi-script .cgi + EOF + if [ pwrap.c -nt index.cgi ]; then + ${CC:-gcc} -o index.cgi pwrap.c \ + && chmod u+s index.cgi \ + && rc=0 + fi else echo Calling s4-init.sh 'FAILED!!' fi
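Review bot: `rc=0` now sits inside the `if [ pwrap.c -nt index.cgi ]` branch, so whenever that test is false the script no longer records success and the wrapper is not built; since the context line just above regenerates `index.cgi` from `s4.cgi.m4`, the test looks likely to be false on a normal run (the rest of the script is outside this hunk, so confirm how `rc` is initialised). The compile also writes its output over that freshly generated `index.cgi`, while `pwrap.c` defaults `CGISCRIPT_PATH` to `./s4.cgi`, so it is worth checking that the m4 output ends up where the wrapper expects it. In the added `sq $db "REPLACE INTO user VALUES('$ADMIN');"` line the value is pasted into the SQL text, so a `'` in `$ADMIN` ends the literal; doubling quotes first, e.g. `adm=$(printf %s "$ADMIN" | sed "s/'/''/g")`, and quoting `"$db"` would keep the statement intact.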