Univention Bugzilla – Bug 49947
Dansguardian doesn't check groups since upgrade to 4.4.1
Last modified: 2020-10-05 12:03:57 CEST
It seems dansguardian is no longer checking the groups of a user. It seems to always use the default group.
My default group in dansguardian is configured to only allow a whitelist:
dansguardian/groups/dansguardian_white/exception/sites .Include</etc/dansguardian/white/domains> .Include</etc/dansguardian/BL/updatesites/domains>
I just restored to Univention 4.4.0 and there I see in /var/log/dansguardian/access.log the normal behavior. When I browse to google.de I see my name and the group dansguardian_unrestricted.
So I repeated the upgrade to 4.4.1, joined the domain again and rebooted the server. And now I see a deny in the logs. The group is no longer dansguardian_unrestricted but the default group dansguardian_white.So I downgraded again to 4.4.0 and stopped the unattended upgrades.
By the way I found 7 lines in syslog all of them like:
dansguardian: Auth plugin returned error code: -1
I just set up a new proxy server and could reproduce the error. I only configured one additional group and the default group. Only denying one single site in the default group still makes the site inaccesible to members of the other group where this site is not mentioned.
It really seems to be an error. By the way I didn’t get the Auth plugin error this time.
As I am running into the same problem, with having an additional group blocking only some of the users, I wonder why this error / bug is still "NEW".
I can easily reproduce the bug on my setup. It seems to me, no other group is regarded in addition to the defaultgroup.
On the other hand, when I add a new group to ucr dansguardian/groups the respective files are generated in /etc/dansguardian/lists with the new name. Yet, they all have wrong access rights, as for group and others the "r" is missing, why dans guardian cannot start anymore.
Just observations, as I am not an expert ... :-(