diff --git a/common.debian b/common.debian
index 40e3368..66137cb 100644
--- a/common.debian
+++ b/common.debian
@@ -1,5 +1,8 @@
 # Image build scripts
-COPY imagefiles/install-gosu-binary.sh /buildscripts/
+COPY \
+ imagefiles/install-gosu-binary.sh \
+ imagefiles/install-gosu-binary-wrapper.sh \
+ /buildscripts/
 ARG DEBIAN_FRONTEND=noninteractive
 ARG REPO=http://cdn-fastly.deb.debian.org
@@ -45,4 +48,5 @@ RUN \
 && \
 apt-get clean --yes && \
 /buildscripts/install-gosu-binary.sh && \
+ /buildscripts/install-gosu-binary-wrapper.sh && \
 rm -rf /buildscripts
diff --git a/common.manylinux b/common.manylinux
index 42928ea..d624dc2 100644
--- a/common.manylinux
+++ b/common.manylinux
@@ -1,6 +1,7 @@
 # Image build scripts
 COPY \
 imagefiles/install-gosu-binary.sh \
+ imagefiles/install-gosu-binary-wrapper.sh \
 manylinux-common/install-python-packages.sh \
 /buildscripts/
@@ -16,8 +17,9 @@ RUN \
 wget \
 zip \
 && \
- yum clean all && \
- /buildscripts/install-gosu-binary.sh && \
+ yum clean all && \
+ /buildscripts/install-gosu-binary.sh && \
+ /buildscripts/install-gosu-binary-wrapper.sh && \
 # Remove sudo provided by "devtoolset-2" and "devtoolset-8" since it doesn't work with
 # our sudo wrapper calling gosu.
 rm -f /opt/rh/devtoolset-2/root/usr/bin/sudo && \
diff --git a/imagefiles/install-gosu-binary-wrapper.sh b/imagefiles/install-gosu-binary-wrapper.sh
new file mode 100755
index 0000000..64494b6
--- /dev/null
+++ b/imagefiles/install-gosu-binary-wrapper.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -ex
+set -o pipefail
+
+if ! command -v gosu &> /dev/null; then
+ echo >&2 'error: "gosu" not found!'
+ exit 1
+fi
+
+# verify that the binary works
+gosu nobody true
+
+# To ensure that our custom sudo wrapper is not
+# overwritten by a future re-install of sudo, it
+# is created in /usr/loca/bin
+
+cat << EOF >> /usr/local/bin/sudo
+#!/bin/sh
+# Emulate the sudo command
+exec gosu root:root "\$@"
+EOF
+
+chmod +x /usr/local/bin/sudo
+
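Review bot: In the new imagefiles/install-gosu-binary-wrapper.sh the heredoc appends with `>>`, so if `/usr/local/bin/sudo` already exists in a base image the wrapper text lands after the existing content, `#!/bin/sh` is no longer the first line, and whatever was there before is kept in a file that is then made executable. Truncating is safer: `cat << EOF > /usr/local/bin/sudo`. The comment above the heredoc has a typo (`/usr/loca/bin`), and it should also say that the wrapper only shadows a packaged `/usr/bin/sudo` when `/usr/local/bin` comes first in `PATH`; a caller that uses the absolute path bypasses it, which is presumably why the manylinux recipe still removes the devtoolset sudo by hand.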
diff --git a/imagefiles/install-gosu-binary.sh b/imagefiles/install-gosu-binary.sh
index 34a9fb3..0889653 100755
--- a/imagefiles/install-gosu-binary.sh
+++ b/imagefiles/install-gosu-binary.sh
@@ -44,18 +44,3 @@ fi
 rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc
 chmod +x /usr/local/bin/gosu
-
-# verify that the binary works
-gosu nobody true
-
-
-cat << EOF >> /usr/bin/sudo
-#!/bin/sh
-
-# Emulate the sudo command
-
-exec gosu root:root "\$@"
-
-EOF
-
-chmod +x /usr/bin/sudo
diff --git a/web-wasm/Dockerfile.in b/web-wasm/Dockerfile.in
index 8291014..2e40680 100644
--- a/web-wasm/Dockerfile.in
+++ b/web-wasm/Dockerfile.in
@@ -5,7 +5,7 @@ MAINTAINER Matt McCormick "matt.mccormick@kitware.com"
 # See https://github.com/asRIA/emscripten-docker/blob/master/Dockerfile.in#L4
 RUN rm /bin/sh && ln -s /bin/dash /bin/sh
-COPY install-gosu-sudo.sh /buildscripts/
+COPY imagefiles/install-gosu-binary-wrapper.sh /buildscripts/
 ARG DEBIAN_FRONTEND=noninteractive
 ARG REPO=http://cdn-fastly.deb.debian.org
@@ -51,7 +51,7 @@ RUN \
 zlib1g-dev \
 && \
 apt-get clean --yes && \
- /buildscripts/install-gosu-sudo.sh && \
+ /buildscripts/install-gosu-binary-wrapper.sh && \
 rm -rf /buildscripts
 #include "common.docker"
diff --git a/web-wasm/install-gosu-sudo.sh b/web-wasm/install-gosu-sudo.sh
deleted file mode 100755
index 7f15307..0000000
--- a/web-wasm/install-gosu-sudo.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-# verify that the binary works
-gosu nobody true
-
-
-cat << EOF >> /usr/bin/sudo
-#!/bin/sh
-
-# Emulate the sudo command
-
-exec gosu root:root "\$@"
-
-EOF
-
-chmod +x /usr/bin/sudo
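Review bot: In the first hunk of web-wasm/Dockerfile.in the `COPY` source moves from `install-gosu-sudo.sh` to `imagefiles/install-gosu-binary-wrapper.sh`, which resolves only if the web-wasm build context contains an `imagefiles/` directory. The old path suggests the context was `web-wasm/` itself, and no build-recipe change is visible in this commit, so that is worth confirming. As far as these hunks show, this image also does not run `install-gosu-binary.sh`, so the `gosu` that the wrapper execs as root comes from somewhere else. A comment above the COPY should name that source, e.g. `# gosu is provided by <base image or package>; this script only installs the sudo wrapper`.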