diff --git a/management/univention-join/20univention-join.inst b/management/univention-join/20univention-join.inst
index 3eb01f8..2316341 100755
--- a/management/univention-join/20univention-join.inst
+++ b/management/univention-join/20univention-join.inst
@@ -88,7 +88,7 @@ fi
 
 test -x /usr/sbin/nscd && nscd -i passwd
 if is_ucr_true nss/group/cachefile; then
-	/usr/lib/univention-pam/ldap-group-to-file.py
+	/usr/lib/univention-pam/ldap-group-to-file.py || die
 else
 	test -x /usr/sbin/nscd && nscd -i group
 fi
@@ -96,44 +96,44 @@ fi
 sleep 2
 
 if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" -o "$server_role" = "domaincontroller_slave" ]; then
-	test -e /etc/backup-join.secret && chgrp "Backup Join" /etc/backup-join.secret && chmod 640 /etc/backup-join.secret
-	test -e /etc/slave-join.secret  && chgrp "Slave Join"  /etc/slave-join.secret  && chmod 640 /etc/slave-join.secret
+	test -e /etc/backup-join.secret && (chgrp "Backup Join" /etc/backup-join.secret && chmod 640 /etc/backup-join.secret || die)
+	test -e /etc/slave-join.secret  && (chgrp "Slave Join"  /etc/slave-join.secret  && chmod 640 /etc/slave-join.secret || die)
 
-	chgrp "DC Backup Hosts" /etc/univention/ssl/
+	chgrp "DC Backup Hosts" /etc/univention/ssl/ || die
 
-	test -e /etc/univention/ssl/openssl.cnf && chgrp "DC Backup Hosts" /etc/univention/ssl/openssl.cnf    && chmod g+rw /etc/univention/ssl/openssl.cnf
+	test -e /etc/univention/ssl/openssl.cnf && (chgrp "DC Backup Hosts" /etc/univention/ssl/openssl.cnf    && chmod g+rw /etc/univention/ssl/openssl.cnf || die)
 
-	test -e /etc/univention/ssl/password    && chgrp "DC Backup Hosts" /etc/univention/ssl/password       && chmod g+rw /etc/univention/ssl/password
+	test -e /etc/univention/ssl/password    && (chgrp "DC Backup Hosts" /etc/univention/ssl/password       && chmod g+rw /etc/univention/ssl/password || die)
 
-	test -d "/etc/univention/ssl/$hostname" && chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$hostname" && chmod g+rwx "/etc/univention/ssl/$hostname" && find "/etc/univention/ssl/$hostname/" -type f | xargs chmod g+rw
+	test -d "/etc/univention/ssl/$hostname" && (chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$hostname" && chmod g+rwx "/etc/univention/ssl/$hostname" && find "/etc/univention/ssl/$hostname/" -type f | xargs chmod g+rw || die)
 
 	if [ -d /etc/univention/ssl/ucsCA ]; then
-		chgrp -R "DC Backup Hosts" /etc/univention/ssl/ucsCA
-		find /etc/univention/ssl/ucsCA/ -type d | xargs chmod g+rwx
-		find /etc/univention/ssl/ucsCA/ -type f | xargs chmod g+rw
+		chgrp -R "DC Backup Hosts" /etc/univention/ssl/ucsCA || die
+		find /etc/univention/ssl/ucsCA/ -type d | xargs chmod g+rwx || die
+		find /etc/univention/ssl/ucsCA/ -type f | xargs chmod g+rw || die
 	fi
 
-	test -e /etc/ldap-backup.secret && chgrp "DC Backup Hosts"  /etc/ldap-backup.secret && chmod 640 /etc/ldap-backup.secret
-	test -e /etc/univention/ssl/ucsCA/CAcert.pem && chgrp "DC Slave Hosts"  /etc/univention/ssl/ucsCA/CAcert.pem && chmod 644 /etc/univention/ssl/ucsCA/CAcert.pem
+	test -e /etc/ldap-backup.secret && (chgrp "DC Backup Hosts"  /etc/ldap-backup.secret && chmod 640 /etc/ldap-backup.secret || die)
+	test -e /etc/univention/ssl/ucsCA/CAcert.pem && (chgrp "DC Slave Hosts"  /etc/univention/ssl/ucsCA/CAcert.pem && chmod 644 /etc/univention/ssl/ucsCA/CAcert.pem || die)
 
 	if [ -d "/etc/univention/ssl/univention-directory-manager" ]; then
-		chgrp -R "DC Backup Hosts" /etc/univention/ssl/univention-directory-manager
-		find /etc/univention/ssl/univention-directory-manager/ -type d | xargs chmod g+rwx
-		find /etc/univention/ssl/univention-directory-manager/ -type f | xargs chmod g+rw
+		chgrp -R "DC Backup Hosts" /etc/univention/ssl/univention-directory-manager || die
+		find /etc/univention/ssl/univention-directory-manager/ -type d | xargs chmod g+rwx || die
+		find /etc/univention/ssl/univention-directory-manager/ -type f | xargs chmod g+rw || die
 	fi
 
-	test -e /etc/ldap.secret && chgrp "DC Backup Hosts" /etc/ldap.secret && chmod 640 /etc/ldap.secret
+	test -e /etc/ldap.secret && (chgrp "DC Backup Hosts" /etc/ldap.secret && chmod 640 /etc/ldap.secret || die)
 
 	if [ -d /var/lib/heimdal-kdc ]; then
-		chgrp -R "DC Backup Hosts" /var/lib/heimdal-kdc
-		find /var/lib/heimdal-kdc/ -type d | xargs chmod g+rwx
-		find /var/lib/heimdal-kdc/ -type f | xargs chmod g+rw
+		chgrp -R "DC Backup Hosts" /var/lib/heimdal-kdc || die
+		find /var/lib/heimdal-kdc/ -type d | xargs chmod g+rwx || die
+		find /var/lib/heimdal-kdc/ -type f | xargs chmod g+rw || die
 	fi
 
 	if [ -e /etc/univention/ssl ]; then
-		res=`find /etc/univention/ssl/ -group root`
+		res="$(find /etc/univention/ssl/ -group root)"
 		if [ -n "$res" ]; then
-			find /etc/univention/ssl/ -group root | xargs chown root."DC Backup Hosts"
+			find /etc/univention/ssl/ -group root | xargs chown root."DC Backup Hosts" || die
 		fi
 	fi
 fi
@@ -144,7 +144,7 @@ udm computers/$server_role modify "$@" --dn "$ldap_hostdn" \
 
 # create ssl/validity/... to avoid nagios UNIVENTION_SSL warnings
 if [ -x /usr/sbin/univention-certificate-check-validity ]; then
-	/usr/sbin/univention-certificate-check-validity
+	/usr/sbin/univention-certificate-check-validity || die
 fi
 
 joinscript_save_current_version