1) sh -x /opt/zimbra/bin/postfix status
Try to dig deeper on why postfix thinks it down.
2) This looks like a bug where the zimbra script was not installed. Can you file it with details about your OS, and the version you installed. For now you can get it from libexex/zimbra
3) Looks like tomcat came up ok. Does ps -ef | grep tomcat find it?
unable to restart zimbra after reboot
-
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
unable to restart zimbra after reboot
So I did
find /etc/rc* -name ???zimbra -exec rm -f {} ;
update-rc.d zimbra defaults
And finally, a hard powercycle on the running installation seems to get a LIVE zimbra mailbox store!!!
Regards,
Lieven
langoest:~# su - zimbra
zimbra@langoest:~$ zmcontrol start
Host langoest.ugent.be
Starting logger...Done.
Starting mailbox...Done.
Starting spell...Done.
zimbra@langoest:~$ ps -ef | grep tomcat
zimbra 9433 1 39 10:33 pts/0 00:00:03 /opt/zimbra/jdk1.5.0_06/bin/java -Xms607m -Xmx607m -client -XX:NewRatio=2 -Dcatalina.base=/opt/zimbra/apache-tomcat-5.5.15 -Dcatalina.home=/opt/zimbra/apache-tomcat-5.5.15 -Djava.io.tmpdir=/opt/zimbra/apache-tomcat-5.5.15/temp -Djava.library.path=/opt/zimbra/lib/jars -Djava.endorsed.dirs=/opt/zimbra/apache-tomcat-5.5.15/common/endorsed -classpath /opt/zimbra/apache-tomcat-5.5.15/bin/bootstrap.jar:/opt/zimbra/apache-tomcat-5.5.15/bin/commons-logging-api.jar org.apache.catalina.startup.Bootstrap start
zimbra 9663 8853 0 10:33 pts/0 00:00:00 grep tomcat
zimbra@langoest:~$ zmcontrol status
Host langoest.ugent.be
logger Running
mailbox Running
spell Running
find /etc/rc* -name ???zimbra -exec rm -f {} ;
update-rc.d zimbra defaults
And finally, a hard powercycle on the running installation seems to get a LIVE zimbra mailbox store!!!
Regards,
Lieven
langoest:~# su - zimbra
zimbra@langoest:~$ zmcontrol start
Host langoest.ugent.be
Starting logger...Done.
Starting mailbox...Done.
Starting spell...Done.
zimbra@langoest:~$ ps -ef | grep tomcat
zimbra 9433 1 39 10:33 pts/0 00:00:03 /opt/zimbra/jdk1.5.0_06/bin/java -Xms607m -Xmx607m -client -XX:NewRatio=2 -Dcatalina.base=/opt/zimbra/apache-tomcat-5.5.15 -Dcatalina.home=/opt/zimbra/apache-tomcat-5.5.15 -Djava.io.tmpdir=/opt/zimbra/apache-tomcat-5.5.15/temp -Djava.library.path=/opt/zimbra/lib/jars -Djava.endorsed.dirs=/opt/zimbra/apache-tomcat-5.5.15/common/endorsed -classpath /opt/zimbra/apache-tomcat-5.5.15/bin/bootstrap.jar:/opt/zimbra/apache-tomcat-5.5.15/bin/commons-logging-api.jar org.apache.catalina.startup.Bootstrap start
zimbra 9663 8853 0 10:33 pts/0 00:00:00 grep tomcat
zimbra@langoest:~$ zmcontrol status
Host langoest.ugent.be
logger Running
mailbox Running
spell Running
unable to restart zimbra after reboot
hmmm.. part of my post vanished!
* /opt/zimbra/redolog/redo.log was owned by root:
langoest:~# ls -l /opt/zimbra/redolog/redo.log
-rw-r----- 1 root root 512 Apr 15 10:46 /opt/zimbra/redolog/redo.log
langoest:~# chown root:root /opt/zimbra/redolog/redo.log
langoest:~# su - zimbra -c 'zmcontrol start'
Host langoest.ugent.be
Starting logger...Done.
Starting mailbox...Done.
Starting spell...Done.
langoest:~# su - zimbra -c 'zmcontrol status'
Host langoest.ugent.be
logger Running
mailbox Running
spell Running
The rest of the story indicated a missing init script (previous post of droefs)
langoest:~# cp -a /opt/zimbra/libexec/zimbra /etc/init.d/
[paste the previous post here]
Lieven
* /opt/zimbra/redolog/redo.log was owned by root:
langoest:~# ls -l /opt/zimbra/redolog/redo.log
-rw-r----- 1 root root 512 Apr 15 10:46 /opt/zimbra/redolog/redo.log
langoest:~# chown root:root /opt/zimbra/redolog/redo.log
langoest:~# su - zimbra -c 'zmcontrol start'
Host langoest.ugent.be
Starting logger...Done.
Starting mailbox...Done.
Starting spell...Done.
langoest:~# su - zimbra -c 'zmcontrol status'
Host langoest.ugent.be
logger Running
mailbox Running
spell Running
The rest of the story indicated a missing init script (previous post of droefs)
langoest:~# cp -a /opt/zimbra/libexec/zimbra /etc/init.d/
[paste the previous post here]
Lieven
unable to restart zimbra after reboot
the script /opt/zimbra/bin/postfix contains a
postqueue -p
(At least) on a debian install, this returns with a rc of 70...
Hacked
/opt/zimbra/bin/postfix: (prepend sudo to postque line)
...
if [ $1 = "status" ]; then
sudo ${zimbra_home}/postfix-${postfix_version}/sbin/postqueue -p > /dev/null 2>&1
R=$?
...
and /etc/sudoers: (add line)
...
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix-2.2.9/sbin/postqueue
...
This fixes the non-zero rc of postque....
Regarding the problem above, there still seems to be an issue with the sasl-config... I look into that later.
Regards,
Lieven
postqueue -p
(At least) on a debian install, this returns with a rc of 70...
Hacked
/opt/zimbra/bin/postfix: (prepend sudo to postque line)
...
if [ $1 = "status" ]; then
sudo ${zimbra_home}/postfix-${postfix_version}/sbin/postqueue -p > /dev/null 2>&1
R=$?
...
and /etc/sudoers: (add line)
...
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix-2.2.9/sbin/postqueue
...
This fixes the non-zero rc of postque....
Regarding the problem above, there still seems to be an issue with the sasl-config... I look into that later.
Regards,
Lieven
unable to restart zimbra after reboot
lieven
1. postqueue should run setgid so you shouldn't need to sudo it; try running it by hand as the zimbra user "postqueue -p"
2. that line in the sudoers file will break after postfix gets upgraded
3. is the mta status showing that saslauthd isn't running?
1. postqueue should run setgid so you shouldn't need to sudo it; try running it by hand as the zimbra user "postqueue -p"
2. that line in the sudoers file will break after postfix gets upgraded
3. is the mta status showing that saslauthd isn't running?
unable to restart zimbra after reboot
[quote user="17224bobby"]lieven
1. postqueue should run setgid so you shouldn't need to sudo it; try running it by hand as the zimbra user "postqueue -p"
[/QUOTE]
zimbra@krab:~/log$ /opt/zimbra/postfix/sbin/postqueue -p
postqueue: fatal: Connect to the Postfix showq service: Permission denied
[quote user="17224bobby"]
2. that line in the sudoers file will break after postfix gets upgraded
[/QUOTE]
indeed.. but then I must first have another way to track down the problem
[quote user="17224bobby"]
3. is the mta status showing that saslauthd isn't running?
[/QUOTE]
indeed, it doesn't get started on zmcontrol start:
zimbra@krab:~/postfix/spool$ zmcontrol start
Host krab.ugent.be
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...FAILED
getService: sasl
getService: webxml
getService: mailbox
getService: perdition
DO: /opt/zimbra/postfix/sbin/postconf -e content_filter='smtp-amavis:[127.0.0.1]:10024'
DO: /opt/zimbra/postfix/sbin/postconf -e myhostname='krab.ugent.be'
DO: /opt/zimbra/postfix/sbin/postconf -e recipient_delimiter=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_use_tls='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups='no'
DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit='10240000'
DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit'
DO: /opt/zimbra/postfix/sbin/postconf -e alias_maps='hash:/etc/aliases'
DO: /opt/zimbra/postfix/sbin/postconf -e broken_sasl_auth_clients='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e command_directory='/opt/zimbra/postfix-2.2.9/sbin'
DO: /opt/zimbra/postfix/sbin/postconf -e daemon_directory='/opt/zimbra/postfix-2.2.9/libexec'
DO: /opt/zimbra/postfix/sbin/postconf -e header_checks='pcre:/opt/zimbra/conf/postfix_header_checks'
DO: /opt/zimbra/postfix/sbin/postconf -e mailq_path='/opt/zimbra/postfix-2.2.9/sbin/mailq'
DO: /opt/zimbra/postfix/sbin/postconf -e manpage_directory='/opt/zimbra/postfix-2.2.9/man'
DO: /opt/zimbra/postfix/sbin/postconf -e newaliases_path='/opt/zimbra/postfix-2.2.9/sbin/newaliases'
DO: /opt/zimbra/postfix/sbin/postconf -e queue_directory='/opt/zimbra/postfix-2.2.9/spool'
DO: /opt/zimbra/postfix/sbin/postconf -e sender_canonical_maps='ldap:/opt/zimbra/conf/ldap-scm.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e sendmail_path='/opt/zimbra/postfix-2.2.9/sbin/sendmail'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_client_restrictions='reject_unauth_pipelining'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_data_restrictions='reject_unauth_pipelining'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_helo_required='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_cert_file='/opt/zimbra/conf/smtpd.crt'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_key_file='/opt/zimbra/conf/smtpd.key'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_loglevel='3'
DO: /opt/zimbra/postfix/sbin/postconf -e transport_maps='ldap:/opt/zimbra/conf/ldap-transport.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e version='2.2.9'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_alias_domains='ldap://opt/zimbra/conf/ldap-vad.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_alias_maps='ldap:/opt/zimbra/conf/ldap-vam.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_mailbox_domains='ldap:/opt/zimbra/conf/ldap-vmd.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_mailbox_maps='ldap:/opt/zimbra/conf/ldap-vmm.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_transport='error'
saslauthd[31706] :set_auth_mech : failed to initialize mechanism zimbra
zmsaslauthdctl failed to start
MTA reports being stopped, but actually it is running but the problem is the saslauthd connection:
zimbra@krab:~/postfix/spool$ zmcontrol status
Host krab.ugent.be
antispam Running
antivirus Running
mta Stopped
zmsaslauthdctl is not running
I'm digging further...
1. postqueue should run setgid so you shouldn't need to sudo it; try running it by hand as the zimbra user "postqueue -p"
[/QUOTE]
zimbra@krab:~/log$ /opt/zimbra/postfix/sbin/postqueue -p
postqueue: fatal: Connect to the Postfix showq service: Permission denied
[quote user="17224bobby"]
2. that line in the sudoers file will break after postfix gets upgraded
[/QUOTE]
indeed.. but then I must first have another way to track down the problem
[quote user="17224bobby"]
3. is the mta status showing that saslauthd isn't running?
[/QUOTE]
indeed, it doesn't get started on zmcontrol start:
zimbra@krab:~/postfix/spool$ zmcontrol start
Host krab.ugent.be
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...FAILED
getService: sasl
getService: webxml
getService: mailbox
getService: perdition
DO: /opt/zimbra/postfix/sbin/postconf -e content_filter='smtp-amavis:[127.0.0.1]:10024'
DO: /opt/zimbra/postfix/sbin/postconf -e myhostname='krab.ugent.be'
DO: /opt/zimbra/postfix/sbin/postconf -e recipient_delimiter=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_use_tls='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups='no'
DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit='10240000'
DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit'
DO: /opt/zimbra/postfix/sbin/postconf -e alias_maps='hash:/etc/aliases'
DO: /opt/zimbra/postfix/sbin/postconf -e broken_sasl_auth_clients='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e command_directory='/opt/zimbra/postfix-2.2.9/sbin'
DO: /opt/zimbra/postfix/sbin/postconf -e daemon_directory='/opt/zimbra/postfix-2.2.9/libexec'
DO: /opt/zimbra/postfix/sbin/postconf -e header_checks='pcre:/opt/zimbra/conf/postfix_header_checks'
DO: /opt/zimbra/postfix/sbin/postconf -e mailq_path='/opt/zimbra/postfix-2.2.9/sbin/mailq'
DO: /opt/zimbra/postfix/sbin/postconf -e manpage_directory='/opt/zimbra/postfix-2.2.9/man'
DO: /opt/zimbra/postfix/sbin/postconf -e newaliases_path='/opt/zimbra/postfix-2.2.9/sbin/newaliases'
DO: /opt/zimbra/postfix/sbin/postconf -e queue_directory='/opt/zimbra/postfix-2.2.9/spool'
DO: /opt/zimbra/postfix/sbin/postconf -e sender_canonical_maps='ldap:/opt/zimbra/conf/ldap-scm.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e sendmail_path='/opt/zimbra/postfix-2.2.9/sbin/sendmail'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_client_restrictions='reject_unauth_pipelining'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_data_restrictions='reject_unauth_pipelining'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_helo_required='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_cert_file='/opt/zimbra/conf/smtpd.crt'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_key_file='/opt/zimbra/conf/smtpd.key'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_loglevel='3'
DO: /opt/zimbra/postfix/sbin/postconf -e transport_maps='ldap:/opt/zimbra/conf/ldap-transport.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e version='2.2.9'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_alias_domains='ldap://opt/zimbra/conf/ldap-vad.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_alias_maps='ldap:/opt/zimbra/conf/ldap-vam.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_mailbox_domains='ldap:/opt/zimbra/conf/ldap-vmd.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_mailbox_maps='ldap:/opt/zimbra/conf/ldap-vmm.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_transport='error'
saslauthd[31706] :set_auth_mech : failed to initialize mechanism zimbra
zmsaslauthdctl failed to start
MTA reports being stopped, but actually it is running but the problem is the saslauthd connection:
zimbra@krab:~/postfix/spool$ zmcontrol status
Host krab.ugent.be
antispam Running
antivirus Running
mta Stopped
zmsaslauthdctl is not running
I'm digging further...
unable to restart zimbra after reboot
is it actually running (ps ax | grep sasl) ? if so, does the pid match the one in /opt/zimbra/cyrus-sasl/state/saslauthd.pid?
you might just need to verify that the auth host is set:
runing this on the mta server should list the mailbox server:
zmprov gs MTAHOSTNAME | grep zimbraMtaAuthHost
if not, you can set it like this (on the mta host):
zmprov ms MTAHOSTNAME zimbraMtaAuthHost MAILBOXHOSTNAME
p.s. there should be a symlink from ~/postfix/ to ~/postfix-/ so you should be able to use that path in the sudoers to survive a postfix upgrade
what's the permissions look like on ~/sbin/postqueue?
you might just need to verify that the auth host is set:
runing this on the mta server should list the mailbox server:
zmprov gs MTAHOSTNAME | grep zimbraMtaAuthHost
if not, you can set it like this (on the mta host):
zmprov ms MTAHOSTNAME zimbraMtaAuthHost MAILBOXHOSTNAME
p.s. there should be a symlink from ~/postfix/ to ~/postfix-/ so you should be able to use that path in the sudoers to survive a postfix upgrade
what's the permissions look like on ~/sbin/postqueue?
unable to restart zimbra after reboot
Allright, we're one step further down the road:
zimbra@krab:~$ zmprov ms krab.ugent.be zimbraMtaAuthHost langoest.ugent.be
zimbra@krab:~$ zmcontrol stop
Host krab.ugent.be
Stopping antispam...Done
Stopping antivirus...Done
Stopping logger...Done
Stopping mailbox...Done
Stopping mta...Done
Stopping snmp...Done
Stopping spell...Done
zimbra@krab:~$ zmcontrol start
Host krab.ugent.be
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...Done.
zimbra@krab:~$ zmcontrol status
Host krab.ugent.be
antispam Running
antivirus Running
mta Running
zimbra@krab:~$
about the postqueue permissions, is setuid postdrop:
zimbra@krab:~$ ls -al ~/postfix/sbin/postqueue
-rwxr-sr-x 1 root postdrop 462628 Mar 10 00:24 /opt/zimbra/postfix/sbin/postqueue
zimbra@krab:~$
Looked a bit further to the defaults on a postfix debian package, and it seems like the diff is in the postfix/spool/public (mind the postdrop group ownership of the public dir and its contents and the setgid on the dir itselve):
krab:/opt/zimbra# ls -al postfix/spool/public/
total 8
drwx--x--- 2 postfix postdrop 4096 Apr 16 22:54 .
drwxr-xr-x 16 root postfix 4096 Apr 14 14:58 ..
srw-rw-rw- 1 postfix postfix 0 Apr 16 22:54 cleanup
srw-rw-rw- 1 postfix postfix 0 Apr 16 22:54 flush
prw--w--w- 1 postfix postfix 0 Apr 16 23:02 pickup
prw--w--w- 1 postfix postfix 0 Apr 16 22:59 qmgr
srw-rw-rw- 1 postfix postfix 0 Apr 16 22:54 showq
krab:/opt/zimbra#
While a debian package lists the permissions as follows:
lieven@grasshop:/var/spool$ sudo ls -al postfix/public/
totaal 8
drwx--s--- 2 postfix postdrop 4096 2006-04-08 22:48 .
drwxr-xr-x 19 root root 4096 2006-04-08 00:05 ..
srw-rw-rw- 1 postfix postdrop 0 2006-04-08 22:48 cleanup
srw-rw-rw- 1 postfix postdrop 0 2006-04-08 22:48 flush
prw--w--w- 1 postfix postdrop 0 2006-04-16 23:03 pickup
prw--w--w- 1 postfix postdrop 0 2006-04-16 22:59 qmgr
srw-rw-rw- 1 postfix postdrop 0 2006-04-08 22:48 showq
lieven@grasshop:/var/spool$
zimbra@krab:~$ zmprov ms krab.ugent.be zimbraMtaAuthHost langoest.ugent.be
zimbra@krab:~$ zmcontrol stop
Host krab.ugent.be
Stopping antispam...Done
Stopping antivirus...Done
Stopping logger...Done
Stopping mailbox...Done
Stopping mta...Done
Stopping snmp...Done
Stopping spell...Done
zimbra@krab:~$ zmcontrol start
Host krab.ugent.be
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...Done.
zimbra@krab:~$ zmcontrol status
Host krab.ugent.be
antispam Running
antivirus Running
mta Running
zimbra@krab:~$
about the postqueue permissions, is setuid postdrop:
zimbra@krab:~$ ls -al ~/postfix/sbin/postqueue
-rwxr-sr-x 1 root postdrop 462628 Mar 10 00:24 /opt/zimbra/postfix/sbin/postqueue
zimbra@krab:~$
Looked a bit further to the defaults on a postfix debian package, and it seems like the diff is in the postfix/spool/public (mind the postdrop group ownership of the public dir and its contents and the setgid on the dir itselve):
krab:/opt/zimbra# ls -al postfix/spool/public/
total 8
drwx--x--- 2 postfix postdrop 4096 Apr 16 22:54 .
drwxr-xr-x 16 root postfix 4096 Apr 14 14:58 ..
srw-rw-rw- 1 postfix postfix 0 Apr 16 22:54 cleanup
srw-rw-rw- 1 postfix postfix 0 Apr 16 22:54 flush
prw--w--w- 1 postfix postfix 0 Apr 16 23:02 pickup
prw--w--w- 1 postfix postfix 0 Apr 16 22:59 qmgr
srw-rw-rw- 1 postfix postfix 0 Apr 16 22:54 showq
krab:/opt/zimbra#
While a debian package lists the permissions as follows:
lieven@grasshop:/var/spool$ sudo ls -al postfix/public/
totaal 8
drwx--s--- 2 postfix postdrop 4096 2006-04-08 22:48 .
drwxr-xr-x 19 root root 4096 2006-04-08 00:05 ..
srw-rw-rw- 1 postfix postdrop 0 2006-04-08 22:48 cleanup
srw-rw-rw- 1 postfix postdrop 0 2006-04-08 22:48 flush
prw--w--w- 1 postfix postdrop 0 2006-04-16 23:03 pickup
prw--w--w- 1 postfix postdrop 0 2006-04-16 22:59 qmgr
srw-rw-rw- 1 postfix postdrop 0 2006-04-08 22:48 showq
lieven@grasshop:/var/spool$
unable to restart zimbra after reboot
[quote user="17224bobby"]
p.s. there should be a symlink from ~/postfix/ to ~/postfix-/ so you should be able to use that path in the sudoers to survive a postfix upgrade[/QUOTE]
Well I followed existing conventions, which all seem to reference version-qualified references in the sudoers file... Maybe this should be changed in general?
p.s. there should be a symlink from ~/postfix/ to ~/postfix-/ so you should be able to use that path in the sudoers to survive a postfix upgrade[/QUOTE]
Well I followed existing conventions, which all seem to reference version-qualified references in the sudoers file... Maybe this should be changed in general?