diff --git a/cbox-build.sh b/cbox-build.sh
index bcd78ed..15ff94a 100755
--- a/cbox-build.sh
+++ b/cbox-build.sh
@@ -56,20 +56,11 @@ CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
 TEMPLATE_DIR="cbox-tree.d"
 
 # dfsbuild config
-CONFIG=$(get_config_file dfs-cbox.conf)
+DFS_CONFIG=$(get_config_file dfs-cbox.conf)
 
 # the chroot-wrapper within the cryptobox
 CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
 
-# qemu network configuration file
-QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
-
-# to connect to a development cryptobox with ssh
-SSH_CONFIG_FILE=$(get_config_file ssh_config)
-
-# extract the hostname of the cryptobox from the ssh_config file
-SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/')
-
 
 ############# include local configuration ##############
 
@@ -89,7 +80,7 @@ IMAGE_DIR="$BUILD_DIR/image"
 function run_dfsbuild()
 {
 	[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
-	dfsbuild -c "$CONFIG" -w "$BUILD_DIR" 
+	dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR" 
 	
 	# remove iso image of dfsbuild - it is not necessary
 	[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
@@ -157,9 +148,11 @@ function blanknburn_cdrw()
 
 # initialize local directories (easier for users)
 for a in $LOCALCONF_DIR $CUSTOM_CONFIGURE_DIR
-	do	[ ! -e "$a" ] && mkdir "$a"
+	do	[ ! -e "$a" ] && mkdir "$a" && chown --reference=. "$a"
   done
 
+# check for uid=0 (necessary for all operations)
+[ "$(id -u)" -ne 0 ] && echo "this script ($0) has to be called as root" >&2 && exit 1
 
 while [ $# -gt 0 ]
    do	case "$1" in
diff --git a/cbox-dev.sh b/cbox-dev.sh
index e5b5613..47f06ec 100644
--- a/cbox-dev.sh
+++ b/cbox-dev.sh
@@ -43,9 +43,6 @@ CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
 # template directory for cryptobox specific configuration
 TEMPLATE_DIR="cbox-tree.d"
 
-# dfsbuild config
-CONFIG=$(get_config_file dfs-cbox.conf)
-
 # the chroot-wrapper within the cryptobox
 CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
 
@@ -71,6 +68,11 @@ if [ -e "$(get_config_file cbox-dev.conf)" ]
 # the BUILD_DIR is defined in the local cbox-dev.conf
 IMAGE_DIR="$BUILD_DIR/image"
 
+# read some cryptobox settings (especially "DEV_FEATURES_SCRIPT")
+if [ -e "$TEMPLATE_DIR/etc/cryptobox/cryptobox.conf" ]
+	then	source "$TEMPLATE_DIR/etc/cryptobox/cryptobox.conf"
+	else	echo "cryptobox.conf ($TEMPLATE_DIR/etc/cryptobox/cryptobox.conf) does not exist!" >&2
+  fi
 
 ####################### functions ######################
 
@@ -141,6 +143,7 @@ function box_diff()
 	ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" "$DEV_FEATURES_SCRIPT" diff
 }
 
+
 ############################# main #####################################
 
 [ $# -eq 0 ] && echo "[`basename $0`] - no arguments supplied - maybe you want to use '--help'"
@@ -160,6 +163,8 @@ case "$1" in
 		upload2box
 		;;
 	chroot )
+		# chroot may only be called as root
+		[ "$(id -u)" -ne 0 ] && echo "the action 'chroot' may only be called as root!" >&2 && exit 1
 		if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
 		   then	echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
 			echo "maybe you should run '`basename $0` cb-config' first"
@@ -182,5 +187,4 @@ case "$1" in
 		$0 help
 		exit 1
 		;;
-	  esac
   esac
diff --git a/etc-defaults.d/qemu-ifup b/etc-defaults.d/qemu-ifup
index b3d5664..6ba4c7b 100755
--- a/etc-defaults.d/qemu-ifup
+++ b/etc-defaults.d/qemu-ifup
@@ -2,6 +2,8 @@
 #
 # this is the qemu-ifup script that should be run at qemu's boot
 #
+# maybe you have to include this script in your /etc/sudoers file because it has to run as root
+#
 
 # determine the interface to the outside
 IF_WORLD=`/sbin/route -n | grep " UG " | sed "s/  */ /g" | cut -d " " -f 8 | head -1`