diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 2088d2e..e3bb252 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2648,6 +2648,15 @@ int LDAPManager::writeClientCronFiles(TQString *errstr) {
 		stream << CRON_UPDATE_NSS_COMMAND << "\n";
 
 		file.close();
+
+		if (chmod(CRON_UPDATE_NSS_FILE, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH) < 0) {
+			if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(CRON_UPDATE_NSS_FILE);
+			return -1;
+		}
+	}
+	else {
+		if (errstr) *errstr = TQString("Unable to write file \"%1\"").arg(CRON_UPDATE_NSS_FILE);
+		return -1;
 	}
 
 	if (system(CRON_UPDATE_NSS_COMMAND) < 0) {
@@ -2658,7 +2667,7 @@ int LDAPManager::writeClientCronFiles(TQString *errstr) {
 	return 0;
 }
 
-void LDAPManager::writePrimaryRealmCertificateUpdateCronFile() {
+int LDAPManager::writePrimaryRealmCertificateUpdateCronFile(TQString *errstr) {
 	TQFile file(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE);
 	if (file.open(IO_WriteOnly)) {
 		TQTextStream stream( &file );
@@ -2670,12 +2679,23 @@ void LDAPManager::writePrimaryRealmCertificateUpdateCronFile() {
 		stream << CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND << "\n";
 
 		file.close();
+
+		if (chmod(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH) < 0) {
+			if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE);
+			return -1;
+		}
+	}
+	else {
+		if (errstr) *errstr = TQString("Unable to write file \"%1\"").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE);
+		return -1;
 	}
 
 	if (system(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND) < 0) {
-		printf("ERROR: Execution of \"%s\" failed!\n\r", CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND);
-		return;
+		if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND);
+		return -1;
 	}
+
+	return 0;
 }
 
 LDAPRealmConfigList LDAPManager::readTDERealmList(KSimpleConfig* config, bool disableAllBonds) {
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index f6b5e54..08dbb65 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -430,7 +430,7 @@ class LDAPManager : public TQObject {
 		int getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr=0);
 		int setPasswordForUser(LDAPUserInfo user, TQString *errstr);
 
-		static void writePrimaryRealmCertificateUpdateCronFile();
+		static int writePrimaryRealmCertificateUpdateCronFile(TQString *errstr=0);
 		static TQString getMachineFQDN();
 		static int writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config, TQString *errstr=0);
 		static LDAPRealmConfigList readTDERealmList(KSimpleConfig* config, bool disableAllBonds=false);