[Neurodebian-devel] condor fails to install if condor user already exists

[Michael Hanke]

severity 684463 wishlist
tag 684463 wontfix
thanks


Hi Tiziano,

[Debian bug is in CC]

On Fri, Aug 10, 2012 at 08:42:17PM +0200, Tiziano Zito wrote:
> I mistakenly posted a bug report about condor on debian BTS
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684463> which
> should have been posted here. Should I ask to close the bug and keep
> on discussing here?

First of all: I consider it appropriate to file bugs like this in the
Debian BTS. NeuroDebian binary packages are unmodified rebuilds and I
upload binaries built from the same source packages to Debian proper
also.

Regarding the actual bug. This issue came up in the early days of this
packaging. It essentially happens mostly for people upgrading from
existing Condor deployments. While I can't say much about the necessity
to have a Condor user in LDAP. I'm pretty sure that the Debian packages
cannot work with a non-system user. There are all kinds of problems, but
one of them is that the package can't assume that any user named
'condor' is also one that is available for Condor's operations. If a
normal user 'condor' exists, IMHO failing is the only option. Otherwise
that user would have access to Condor's runtime data (job payload, ...),
but we would not know whether there is an actual (human) 'condor' user.

The system user that the condor package creates is a dedicated one -- no
login, no shell access.

If you see a way that is both secure and satisfies your needs, please
let me know. Otherwise, I think Evgeni is right: move 'condor' out of
LDAP and solve email issues with alternative means.

For now I am downgrading this bug to 'wishlist' and tag it with
'wontfix' until a more viable solution is found.

Best,

Michael

-- 
Michael Hanke
http://mih.voxindeserto.de