diff --git a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
index dbaeeb7dd..381ce72f7 100644
--- a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
+++ b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
@@ -66,7 +66,7 @@ define secgen_functions::install_setgid_binary (
     ensure  => present,
     owner   => 'root',
     group   => $group,
-    mode    => '4771',
+    mode    => '2771',
     source  => "$compile_directory/$challenge_name",
     require => Exec["gcc_$challenge_name-$compile_directory"],
   }
diff --git a/modules/build/puppet/secgen_functions/manifests/install_setgid_script.pp b/modules/build/puppet/secgen_functions/manifests/install_setgid_script.pp
index ffe481055..0d86238dd 100644
--- a/modules/build/puppet/secgen_functions/manifests/install_setgid_script.pp
+++ b/modules/build/puppet/secgen_functions/manifests/install_setgid_script.pp
@@ -53,7 +53,7 @@ define secgen_functions::install_setgid_script (
     ensure  => present,
     owner   => 'root',
     group   => $group,
-    mode    => '4775',
+    mode    => '2775',
     content => $script_data,
     require => Group[$group],
   }
@@ -66,7 +66,7 @@ define secgen_functions::install_setgid_script (
     owner             => 'root',
     group             => $group,
     mode              => '0440',
-    leaked_from       => "accounts_$username",
+    leaked_from       => "$source_module_name-$module_name",
     require           => Group[$group],
   }
 
diff --git a/modules/build/puppet/secgen_functions/manifests/install_setuid_root_script.pp b/modules/build/puppet/secgen_functions/manifests/install_setuid_root_script.pp
index 31edc65ed..d495a5b6a 100644
--- a/modules/build/puppet/secgen_functions/manifests/install_setuid_root_script.pp
+++ b/modules/build/puppet/secgen_functions/manifests/install_setuid_root_script.pp
@@ -1,14 +1,16 @@
-# Install function for setuid_root binaries
+# Install function for setgid binaries
 # -- Modules calling this function must provide a Makefile and any .c files within it's <module_name>/files directory
 
-define secgen_functions::install_setuid_root_binary (
-  $challenge_name,           # Challenge name, used for the wrapper-directory
-  $source_module_name,      # Name of the module that calls this function
-  $account,                 # User account (leak here if $storage_directory is not supplied)
-  $flag,                    # ctf flag string
+define secgen_functions::install_setuid_root_script (
+  $challenge_name, # Challenge name, used for the wrapper-directory
+  $script_name, # Script filename
+  $script_data, # Script data
+  $source_module_name, # Name of the module that calls this function
+  $account, # User account
+  $flag, # ctf flag string
   $flag_name, # ctf flag name
-  $storage_dir = '',      # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir)
-  $strings_to_leak = [''],  # Optional: strings to leak (could contain instructions or a message)
+  $storage_dir     = '', # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir)
+  $strings_to_leak = [''], # Optional: strings to leak (could contain instructions or a message)
 ) {
 
   if $account {
@@ -37,33 +39,16 @@ define secgen_functions::install_setuid_root_binary (
 
   # Create challenge directory
   ::secgen_functions::create_directory { "create_$challenge_directory":
-    path => $challenge_directory,
-    notify => File["create_$compile_directory"],
-  }
-
-  # Move contents of the module's files directory into compile directory
-  file { "create_$compile_directory":
-    path => $compile_directory,
-    ensure  => directory,
-    recurse => true,
-    source  => $modules_source,
-  }
-
-  # Build the binary with gcc
-  exec { "gcc_$challenge_name-$compile_directory":
-    cwd     => $compile_directory,
-    command => "/usr/bin/make",
-    require => File["create_$compile_directory"]
+    path   => $challenge_directory,
+    notify => File["$challenge_directory/$script_name"],
   }
 
   # Move the compiled binary into the challenge directory
-  file { "$challenge_directory/$challenge_name":
+  file { "$challenge_directory/$script_name":
     ensure  => present,
     owner   => 'root',
-    group   => 'root',
-    mode    => '4755',
-    source  => "$compile_directory/$challenge_name",
-    require => Exec["gcc_$challenge_name-$compile_directory"],
+    mode    => '4775',
+    content => $script_data,
   }
 
   # Drop the flag file on the box and set permissions
@@ -73,14 +58,7 @@ define secgen_functions::install_setuid_root_binary (
     strings_to_leak   => [$flag],
     owner             => 'root',
     mode              => '0400',
-    leaked_from       => "accounts_$username",
-    require           => Exec["gcc_$challenge_name-$compile_directory"],
-    notify            => Exec["remove_$compile_directory"],
+    leaked_from       => "$source_module_name-$module_name",
   }
 
-  # Remove compile directory
-  exec { "remove_$compile_directory":
-    command => "/bin/rm -rf $compile_directory",
-    require => [File["$challenge_directory/$challenge_name"]]
-  }
 }
diff --git a/modules/vulnerabilities/unix/ctf/ruby_challenge_example/manifests/install.pp b/modules/vulnerabilities/unix/ctf/ruby_challenge_example/manifests/install.pp
index c098d9b44..da7ff1fb1 100644
--- a/modules/vulnerabilities/unix/ctf/ruby_challenge_example/manifests/install.pp
+++ b/modules/vulnerabilities/unix/ctf/ruby_challenge_example/manifests/install.pp
@@ -28,16 +28,18 @@ class ruby_challenge_example::install {
       storage_dir        => $storage_dir,
       strings_to_leak    => $secgen_params['strings_to_leak'],
     }
-  # } else {
-    # ::secgen_functions::install_setuid_root_binary { 'ruby_challenge_example':
-    #   source_module_name     => $module_name,
-    #   challenge_name         => $secgen_params['challenge_name'][0],
-    #   account                => $account,
-    #   flag                   => $secgen_params['flag'][0],
-    #   flag_name              => 'flag',
-    #   storage_dir            => $storage_dir,
-    #   strings_to_leak        => $secgen_params['strings_to_leak'],
-    # }
+  } else {
+    ::secgen_functions::install_setuid_root_script { 'ruby_challenge_example':
+      source_module_name => $module_name,
+      challenge_name     => $secgen_params['challenge_name'][0],
+      script_name        => 'test.rb',
+      script_data        => $script_data[0],
+      account            => $account,
+      flag               => $secgen_params['flag'][0],
+      flag_name          => 'flag',
+      storage_dir        => $storage_dir,
+      strings_to_leak    => $secgen_params['strings_to_leak'],
+    }
   }
 
 }
diff --git a/modules/vulnerabilities/unix/ctf/ruby_challenge_example/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/ruby_challenge_example/secgen_metadata.xml
index be1b05679..f1470962b 100644
--- a/modules/vulnerabilities/unix/ctf/ruby_challenge_example/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/ruby_challenge_example/secgen_metadata.xml
@@ -14,24 +14,21 @@
   <access>local</access>
   <platform>linux</platform>
 
-  <!-- binary dropped in account's home directory by default. -->
+  <!-- script dropped in account's home directory by default with setuid configuration. -->
   <read_fact>challenge_name</read_fact>
   <read_fact>script_data</read_fact>
-  <read_fact>group</read_fact>
   <read_fact>account</read_fact>
   <read_fact>flag</read_fact>
   <!-- storage_directory: Blank by default. If supplied, store the files here. e.g. NFS or SMB storage location -->
   <read_fact>storage_directory</read_fact>
-
+  <!--  group: Blank by default. If supplied install script challenge as setgid  -->
+  <read_fact>group</read_fact>
   <default_input into="challenge_name">
     <value>ruby_script_example</value>
   </default_input>
   <default_input into="script_data">
     <generator module_path=".*ruby_example"/>
   </default_input>
-  <default_input into="group">
-    <value>test1</value>
-  </default_input>
   <default_input into="account">
     <generator type="account">
       <input into="username">
diff --git a/scenarios/examples/ctf_challenge_examples/setgid_script_example.xml b/scenarios/examples/ctf_challenge_examples/setgid_script_example.xml
index c9432e679..01d24c52b 100644
--- a/scenarios/examples/ctf_challenge_examples/setgid_script_example.xml
+++ b/scenarios/examples/ctf_challenge_examples/setgid_script_example.xml
@@ -4,12 +4,12 @@
 	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
 
-	<!-- an example system with a setgid binary. -->
+	<!-- an example system with a setgid script challenge. -->
 	<system>
 		<system_name>group_challenges</system_name>
 		<base platform="linux" type="server"/>
 
-		<!-- 1) Default uses an account and drops the binary in the users home directory -->
+		<!-- 1) Default uses an account and drops the challenge in the users home directory -->
 		<vulnerability type="script_challenge">
           <input into="group">
             <value>task1</value>
@@ -17,7 +17,7 @@
         </vulnerability>
 
 		<!-- 2) Using a custom storage directory -->
-		<!--<vulnerability type="pwnable_binary">-->
+		<!--<vulnerability type="script_challenge">-->
           <!--<input into="group">-->
             <!--<value>task2</value>-->
           <!--</input>-->
diff --git a/scenarios/examples/ctf_challenge_examples/setuid_script_example.xml b/scenarios/examples/ctf_challenge_examples/setuid_script_example.xml
new file mode 100644
index 000000000..144f1e46f
--- /dev/null
+++ b/scenarios/examples/ctf_challenge_examples/setuid_script_example.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<!-- an example system with a setuid script challenge. -->
+	<system>
+		<system_name>setuid_challenges</system_name>
+		<base platform="linux" type="server"/>
+
+		<!-- 1) Default uses an account and drops the challenge in the users home directory -->
+		<vulnerability type="script_challenge"/>
+
+		<!-- 2) Using a custom storage directory -->
+		<!--<vulnerability type="script_challenge">-->
+          <!--<input into="account">-->
+            <!--<value/>-->
+          <!--</input>-->
+          <!--<input into="storage_directory">-->
+            <!--<value>/test/hidden/challenges</value>-->
+          <!--</input>-->
+        <!--</vulnerability>-->
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>