Topic: Dansguardian - exceptionuserlist

[Smitro]

This one has got me stumped, has any one got any tips where I've gone wrong?

I've install Dansguardian and it's working a treat. It's blocking everything it should...

All users must login to use the internet and they are authenticated using squid-auth. When a user is blocked the username is displayed on the error page, and users are also logged in the log file.

I would like to setup a user that is exempt from filtering. So I went into /etc/dansguardian/dansguardian.conf scrolled down to the line under exceptioniplist added this line:

Code: [Select]

exceptionuserlist = '/etc/dansguardian/lists/exceptionuserlist'
I created the above file and placed my username in it (that being the only thing in the file)
I did a restart on dansguardian

Code: [Select]

dansguardian -r
I then tried it and it was still filtered.

Just for experimenting's sake, I tried the exceptioniplist and put my IP in and it worked. I just can't seem to get it to work by username (which is what I really need).

[raem]

Smitro

> So I went into /etc/dansguardian/dansguardian.conf scrolled down to
> the line under exceptioniplist added this line:
> exceptionuserlist = '/etc/dansguardian/lists/exceptionuserlist'

Well it does say exceptioniplist not exceptionuserlist !

I think you need to use a different auth method eg pam auth or configure that elsewhere
See if my new Howto helps. It's a more recent one than you know about.
http://wiki.contribs.org/Dansguardian

[raem]

Smitro

In my older dansguardian version I have a default
/etc/dansguardian/exceptionuserlist
and it is specified in dansguardian.conf under the section Authentication files. Just add users to it and have Auth enabled of course.
In that file it says:
#Users names, who, if basic
#proxy authentication is
#enabled, will automatically
#not be filtered

#name

[Smitro]

Ok, thanks I'll give it a go. Are your rpms different to dungog's? also I noticed that pcre is not in the list of rpms, is it no longer a dependency?

[Franco]

This will depend on how you set your access to the proxy. You can only use exceptionuserlist if you have PAM, if you're using the NCSA method you can't use the userlist.

[Smitro]

I thought I was using PAM. I'm using the proxy basic plugin. Is this pam?

[Smitro]

I just tried Ident. Same thing. The username is displayed on the access denied page, and it still seems to ignore the exceptionuserlist

[raem]

Smitro

> I just tried Ident.....it still seems to ignore the exceptionuserlist

you need to set pam auth with the db command given in the new howto

Have you carefully reviewed all your config files and made appropriate changes ?
Did you install over the top of an earlier version, the config files can get "rattled" doing that ?
What versions are you running ?
rpm -qa dansguardian
rpm -qa smeserver-dansguardian

[raem]

Smitro

It works differently in this version.

Read /etc/dansguardian/dansguardianf1.conf
where it says:

# DansGuardian filter group config file for version 2.9.8.0

# Filter group mode
# This option determines whether members of this group have their web access
# unfiltered, filtered, or banned. This mechanism replaces the "banneduserlist"
# and "exceptionuserlist" files from previous versions.
#
# 0 = banned
# 1 = filtered
# 2 = unfiltered (exception)


So you need to set up at least a second filter group (and associated list files), and specify which users are members of the second group.
The first group (f1) will be filtered, but the second group (f2) will be unfiltered, but you must set this in the configuration files for each filter group. When the user logs in (set db for pam) dansguardian will check to see which group they are a member of and apply filtering, or not.

You can have many filter groups and each group can have different filter settings (rather than just being filtered or unfiltered with 2 groups only).

eg edit
/etc/dansguardian/dansguardianf2.conf

[Smitro]

Hey Thanks Ray, you've been a big help so far, thanks for giving of your time, I really appreciate it. I uninstalled  the versions I had installed from dungog and I installed the ones from your how to guide. When I installed it I noticed I didn't get an dansguardianf2.conf file as I've seen in the how to, but  I guess, how hard can it be to create a new one... I presume I can copy the f1 file and modify it according. I'll have a play with it and report back.

Thanks.

[raem]

Smitro

> When I installed it I noticed I didn't get an dansguardianf2.conf file
> ... I presume I can copy the f1 file and modify it according.


I've just been playing around with the groups aspect & I'm a step ahead of you.

Here are some very quick & rough notes that should give you what you need to know. I'll tidy it up later.

Dansguardian group configuration

configure pam auth using the db command from howto

copy /etc/dansguardian/dansguardianf1.conf to /etc/dansguardian/dansguardianf2.conf
and to a f3 version if required also

Copy /etc/dansguardian/list/f1 to /etc/dansguardian/list/f2 including all subfolders and files
edit /etc/dansguardian/dansguardianf2.conf and change all instances of f1 to f2 in filename locations

edit /etc/dansguardian/dansguardian.conf
Filter group options
filtergroups = 2
or however many filter groups you want to have

Auth plugins
remove # from in front of
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
leave other possibilities with # at start of line

edit /etc/dansguardian/dansguardianf1.conf
change Filter group mode
leave this unchanged as this group will be the filtered standard users group
groupmode = 1

Filter group name
remove # from front of groupname = ''
change to
groupname = 'Standard Users'


edit /etc/dansguardian/dansguardianf2.conf
change Filter group mode
change this as this group will be the unfiltered Admin Users group
groupmode = 2

Filter group name
remove # from front of groupname = ''
change to
groupname = 'Admin Users'

Content filtering files location

change all these to show f2 in the location path

change all other occurences of f1 to f2 in file paths

edit /etc/dansguardian/lists/filtergroupslist

add entries for users who are members of filter group2
use this format

username=filtergroupnumber
eg
ray=filter2

It's not necessary to add all users who are in filter group 1 as everyone is automatically a member of group 1 by default.

Filter group 2 settings override filter group 1 (I think/suppose)


restart dansguardian for changes to take effect
/etc/init.d/dansguardian restart


You can create as many groups as you want, using similar steps as above.
Each group can have different levels of filtering eg different exceptionlists and naughtyness limits etc etc etc.

edit the exception and banned lists in
/etc/dansguardian/lists/f3/exceptionsitelist etc etc etc
and in each other group list structure eg f1 & f2
obviously if f2 is a unfiltered group then setting changes to exception list will have no effect

In practice you get asked for a login user & password when you access a web site.
Depending on your group membership you get filtered or unfiltered access.

[Smitro]

Ray, what can I say? Your an absolute legend! I followed your instructions and it worked perfectly. Thanks.

Can you please add this to the wiki.  

[raem]

Smitro

> I followed your instructions and it worked perfectly.

Good to hear that, at least I transcribed my steps reasonably accurately if they are reproducible.

The group functionality works nicely too, doesn't it !!


> Can you please add this to the wiki.

Yes, in a few days when I get time to elaborate on it all and turn it into "plain jane" sme jargon.

[Smitro]

> The group functionality works nicely too, doesn't it !!

It's awesome, since understanding how it works, the possibilities have been running through my head...

If only I was fluent in perl (I know PHP+MySQL), I'd write a admin panel.

[raem]

To all

> Can you please add this to the wiki.
>> Yes, in a few days when I get time to elaborate on it all and turn it into "plain jane" sme jargon.

I have added it to the wiki Howto "as is" for now.

http://wiki.contribs.org/Dansguardian