diff --git a/checkin_notes b/checkin_notes index 85f7fcb8da..9b0be360d3 100755 --- a/checkin_notes +++ b/checkin_notes @@ -5876,3 +5876,15 @@ David 12 June 2006 lib/ filesys.h + +Charlie 13 June 2006 + - more sandbox stuff, with #ifdef SANDBOX. + + client/ + app_start.C + client_types.C + file_names.C + gui_rpc_server.C + main.C + clientgui/ + BOINCGUIApp.cpp diff --git a/client/app_start.C b/client/app_start.C index 681f637de2..16dedfdc94 100644 --- a/client/app_start.C +++ b/client/app_start.C @@ -97,9 +97,10 @@ static int make_link(const char *existing, const char *new_link) { fprintf(fp, "%s\n", existing); fclose(fp); #ifdef SANDBOX - boinc_chown(new_link, gstate.boinc_project_gid); -#endif + return boinc_chown(new_link, gstate.boinc_project_gid); +#else return 0; +#endif } int ACTIVE_TASK::link_user_files() { diff --git a/client/client_types.C b/client/client_types.C index 712c58d601..d920cd42d5 100644 --- a/client/client_types.C +++ b/client/client_types.C @@ -556,7 +556,7 @@ int FILE_INFO::set_permissions() { // in case someone runs BOINC from different user #ifdef SANDBOX - retval = chown(pathname, (uid_t)-1, gstate.boinc_project_gid); + retval = boinc_chown(pathname, gstate.boinc_project_gid); if (retval) return retval; if (executable) { retval = chmod(pathname, diff --git a/client/file_names.C b/client/file_names.C index 4369cc2c52..bc4d5726d9 100644 --- a/client/file_names.C +++ b/client/file_names.C @@ -105,12 +105,16 @@ int make_project_dir(PROJECT& p) { boinc_mkdir(PROJECTS_DIR); #ifdef SANDBOX - boinc_chown(PROJECTS_DIR, gstate.boinc_projects_gid); + boinc_chown(PROJECTS_DIR, gstate.boinc_project_gid); + chmod(PROJECTS_DIR, + S_IRUSR|S_IWUSR|S_IXUSR + |S_IRGRP|S_IXGRP + ); #endif get_project_dir(&p, buf); retval = boinc_mkdir(buf); #ifdef SANDBOX - boinc_chown(buf, gstate.boinc_projects_gid); + boinc_chown(buf, gstate.boinc_project_gid); #endif return retval; } 
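Review bot: In make_link() in client/app_start.C, a nonzero return under SANDBOX now means the link file was written but its group could not be changed, and nothing in the hunk says so or removes the file. A one-line comment above the new return would tell callers what they are left with, e.g. `// nonzero: link file exists but is not owned by the project group`. The start of make_link() is outside the hunk, so how an fopen() failure is reported cannot be checked here.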
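Review bot: In FILE_INFO::set_permissions() the explicit `(uid_t)-1` that left the file owner untouched is gone, and boinc_chown() is not defined in this diff, so it cannot be confirmed from here that the helper still changes only the group. If it does, a short comment such as `// boinc_chown() changes the group only; the owner is left as is` keeps that guarantee visible at the call site. The function body continues past the end of the hunk.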
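Review bot: The new `boinc_chown()` and `chmod()` calls on PROJECTS_DIR in make_project_dir() discard their results, so the function can return 0 while the directory still has the wrong group or whatever mode boinc_mkdir() gave it instead of 0750. The same pattern is added for SLOTS_DIR in make_slot_dir() in the next hunk, and the `boinc_chown(buf, ...)` results for the per-project and per-slot directories are dropped as well. boinc_chown() is treated as returning a status elsewhere in this commit, so propagating it would make a half-applied sandbox setup visible to the caller. The sketch below covers make_project_dir() and assumes `retval` is declared above the hunk; in make_slot_dir() the `int retval` declaration would have to move up.

```cpp
#ifdef SANDBOX
    retval = boinc_chown(PROJECTS_DIR, gstate.boinc_project_gid);
    if (retval) return retval;
    retval = chmod(PROJECTS_DIR,
        S_IRUSR|S_IWUSR|S_IXUSR
        |S_IRGRP|S_IXGRP
    );
    if (retval) return retval;
#endif
    // … unchanged: get_project_dir() and retval = boinc_mkdir(buf) …
#ifdef SANDBOX
    // Do not mask a mkdir failure with the chown status.
    if (!retval) retval = boinc_chown(buf, gstate.boinc_project_gid);
#endif
    return retval;
```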
@@ -138,12 +142,16 @@ int make_slot_dir(int slot) { } boinc_mkdir(SLOTS_DIR); #ifdef SANDBOX - boinc_chown(SLOTS_DIR, gstate.boinc_projects_gid); + boinc_chown(SLOTS_DIR, gstate.boinc_project_gid); + chmod(SLOTS_DIR, + S_IRUSR|S_IWUSR|S_IXUSR + |S_IRGRP|S_IXGRP + ); #endif get_slot_dir(slot, buf); int retval = boinc_mkdir(buf); #ifdef SANDBOX - boinc_chown(buf, gstate.boinc_projects_gid); + boinc_chown(buf, gstate.boinc_project_gid); #endif return retval; } diff --git a/client/gui_rpc_server.C b/client/gui_rpc_server.C index e369e6daab..1bc910cd5c 100644 --- a/client/gui_rpc_server.C +++ b/client/gui_rpc_server.C @@ -103,7 +103,7 @@ int GUI_RPC_CONN_SET::get_password() { // they can cause code to execute as this user. // So better protect it. // -#ifdef sandbox +#ifdef SANDBOX // Allow group access so authorized administrator can modify it chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP); #else diff --git a/client/main.C b/client/main.C index df00aabe8c..8d357b16fd 100644 --- a/client/main.C +++ b/client/main.C @@ -345,7 +345,7 @@ static void init_core_client(int argc, char** argv) { #endif -#ifdef sandbox +#ifdef SANDBOX umask (2); // Set file creation mask to be writable by both user and group // Our umask will be inherited by all our child processes #endif diff --git a/clientgui/BOINCGUIApp.cpp b/clientgui/BOINCGUIApp.cpp index a29b5aee54..e1fd1b59cb 100644 --- a/clientgui/BOINCGUIApp.cpp +++ b/clientgui/BOINCGUIApp.cpp @@ -23,6 +23,8 @@ #ifdef __WXMAC__ #include +#include "filesys.h" +#include "util.h" #endif #include "stdwx.h" @@ -241,7 +243,7 @@ bool CBrandingScheme::OnInit( wxConfigBase *pConfig ) { bool CBOINCGUIApp::OnInit() { -#ifdef sandbox +#ifdef SANDBOX umask (2); // Set file creation mask to be writable by both user and group // Our umask will be inherited by all our child processes #endif 
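Review bot: With the macro spelling corrected, the `chmod(GUI_RPC_PASSWD_FILE, ...)` to 0660 in get_password() is compiled for the first time, and its result is ignored. If it fails, the password file keeps the mode it was created with, which under the `umask (2)` enabled in client/main.C by this commit would probably include read access for other users; the file's creation is outside the hunk, so that is an inference. The hunk also does not set the file's group, so which group receives write access depends on the creating process. I would store the result of the chmod and make get_password() fail when it is nonzero, and add a comment naming the group that is expected to own the file.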
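Review bot: `umask (2)` in init_core_client() masks only the other-write bit, so every file the client and its child processes create stays readable by all local users unless it is chmod'ed afterwards. This line was dead code until the macro name was fixed here, and the same call becomes live in CBOINCGUIApp::OnInit() in clientgui/BOINCGUIApp.cpp. If the sandbox relies on the 0750 directory modes set elsewhere in this commit to keep other users out, the comment should say so; if not, `umask(007)` would drop access for others entirely. Writing the mask in octal (`002`) would also make the intent easier to read.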
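Review bot: The new `#include "filesys.h"` and `#include "util.h"` are placed inside `#ifdef __WXMAC__`, but the functions they presumably declare, lookup_group() and boinc_chown(), are called under `#ifdef SANDBOX` later in OnInit(). Whether that later code is itself Mac-only cannot be seen from these hunks; if it is not, a SANDBOX build on another platform would have no declarations for them. Guarding the includes with `#ifdef SANDBOX`, or adding a comment that SANDBOX is only supported together with __WXMAC__, would remove the doubt.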
@@ -316,8 +318,16 @@ bool CBOINCGUIApp::OnInit() { if (success) { // If SetWD failed, don't create a directory in wrong place strDirectory += wxT("BOINC Data"); // We don't customize BOINC Data directory name for branding - if (! wxDirExists(strDirectory)) + if (! wxDirExists(strDirectory)) { +#ifdef SANDBOX + gid_t gid; + success = wxMkdir(strDirectory, 0750); // Does nothing if dir exists + lookup_group("boinc_project", gid); + boinc_chown("BOINC Data", gid); +#else success = wxMkdir(strDirectory, 0777); // Does nothing if dir exists +#endif + } success = ::wxSetWorkingDirectory(strDirectory); // wxChar *wd = wxGetWorkingDirectory(buf, 1000); // For debugging }
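Review bot: In the SANDBOX branch of OnInit(), `gid` is passed to boinc_chown() even when `lookup_group("boinc_project", gid)` fails, in which case it may be uninitialized, and the results of both calls are discarded. The chown also runs when wxMkdir() failed, and it names the directory by the relative path "BOINC Data" rather than `strDirectory`, which only works if the working directory is the parent at that point (the earlier SetWD code is outside the hunk). The sketch below folds the three results into `success`; it assumes lookup_group() returns 0 on success, which this diff does not show. `success` is overwritten by the wxSetWorkingDirectory() call right after the block, so a failure here still has to be reported or acted on before that line.

```cpp
        if (! wxDirExists(strDirectory)) {
#ifdef SANDBOX
            gid_t gid;
            success = wxMkdir(strDirectory, 0750);    // Does nothing if dir exists
            // Change the group only when the directory was created and the
            // group lookup succeeded; gid is not set otherwise.
            if (success) {
                success = (lookup_group("boinc_project", gid) == 0)
                    && (boinc_chown(strDirectory.mb_str(), gid) == 0);
            }
#else
// … unchanged: wxMkdir(strDirectory, 0777) for non-sandbox builds …
```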