# This is the README file for "honorsystem.pl". (c)  2005 mick@lowdrag.org
# It's not a shell script. If it were it'd have to be run as root.  :(

# This program allows a user to conveniently bypass the filtering of your proxy
# you went to so much trouble to install.  This is intended to keep a user from
# accidentally accessing objectionable material in a public setting, but
# allowing him to make the final decision. Just to add a little more utility
# I've added a simple passwording hook which can be enabled by defining the
# variable $passwd.  If that sounds like something you want to do I'll try to
# outline the hoops through one must pass to get this deal going.

# This is on a  machine running Debian GNU/Linux "Sarge-era". Paths, filenames,
# files and thier contents may be somewhat to completely different on different
# operating systems. Distribute, modify and use this program and these
# instructions under the same license as squid, squidGuard or chastity-list.

# Assumption 1: Your webserver user is www-data
# Assumption 2: Your cgi dir is /usr/lib/cgi-bin/

# First things first: get squid + squidguard + chastity-list. Good, you're almost done.

# In the squid config (/etc/squid/squid.conf) there is a pointer to a
# redirect_program and it has a config file switch. You probably made this config
# file either "/etc/chastity/squidGuard-chastity.conf" or
# "/etc/squid/squidGuard.conf".  Either replace all ocurrances of
# "squidGuard.cgi" with "honorsystem.pl" 
sed -i s/squidGuard.cgi/honorsystem.pl/g /etc/chastity/squidGuard-chastity.conf \
	/etc/chastity/squidGuard-chastity.conf
# and put honorsystem.pl into the same directory, or mv honorsystem.pl
# to squidGuard.cgi. The gist if the matter is that the redirect program config
# file has to use our program, honorsystem.pl, even if it gets a new name. 

# Make sure honorsystem.pl (or whatever you named it) is executable by the webserver.

chown .www-data /usr/lib/cgi-bin/honorsystem.pl
chmod 750 /usr/lib/cgi-bin/honorsystem.pl

# Make a directory and three files, and make them readable/writable by the webserver.

mkdir /var/lib/chastity/okay/
touch /var/lib/chastity/okay/domains \
 	/var/lib/chastity/okay/urls \
 	/var/lib/chastity/okay/expressions
# 				
# 		/* You may hand-edit the above or leave them empty */ 
# 	
chown .www-data /var/lib/chastity/
chown -R proxy.www-data /var/lib/chastity/
chmod 770 /var/lib/chastity/okay/
chmod 660 /var/lib/chastity/okay/*

# Use visudo to add the webserver user to /etc/sudoers.
visudo
# 		/* Add a line like the following */
# 		/* in the user privilege section */
# www-data        ALL = NOPASSWD: /etc/init.d/squid reload

# Now edit the file: /usr/lib/cgi-bin/honorsystem.pl and change all the stuff in
# the config part. 

# Troubleshooting: As shipped the script passes "fatalsToBrowser", so some
# hints may show up right there. It's good practice to comment that line out
# one the thing is running. tailing the apache logs is a valuable source of
# info as well
tail -f /var/log/apache/*.log

# Good luck! email cheerfully answered most of the time. mick@lowdrag.org
