Provided by: cfingerd_1.4.3-3ubuntu1_i386 bug

NAME

       cfingerd - Configurable finger daemon.

SYNOPSIS

       cfingerd [ -c | -e | -o | -v ]
                  -c : Check configuration
                  -e : Emulate local finger w/o inetd
                  -o : Turn off all finger queries
                  -v : Request version information

       -c  checks  your installed configuration.  This makes sure there are no
       existing errors in the current cfingerd.conf file.

       -e allows you to emulate a local finger on a user that exists  on  your
       system.   This  lets you test cfingerd on your system before installing
       it.  Using the "-e" directive is the same as installing  the  software,
       typing  "finger username@" and getting the output.  Using "-e username"
       does the same.

       -o turns off all finger queries.  This makes it  so  that  no  one  can
       finger  your  system - no matter what they try to do.  Unlike the other
       options, this option is used in inetd.conf, not on the command line.

       -v requests cfingerd version information.

DESCRIPTION

       CFINGERD is a totally new, and totally configurable finger daemon - one
       of  the  first.   It  listenes  on the finger port (port 79) to provide
       useful information about each user that is on your system according  to
       the  finger protocol as described in RFC 1288.  Only thing is, cfingerd
       provides a unique twist.

       CFINGERD was designed for the sole purpose of making output  on  finger
       queries configurable.  If you want to change any text that is displayed
       during finger queries, you can configure the finger daemon  to  display
       just about anything you want.

       CFINGERD also takes into account any security breaches, and attempts to
       close them.  With the added bonus of creating ".nofinger"  files,  this
       is  displayed  instead  of  finger  information, making it possible for
       users to keep themselves relatively anonymous from outside users.   For
       a  maximum  of  users  privacy  you  should  place  an  exact  copy  of
       /etc/cfingerd/nouser_banner.txt in your .nofinger file.

WHY WAS IT DONE?

       The answer is simple.  Security.  Many sites turn off  finger  for  the
       reason that they don’t want outside users to see who’s on their system,
       or get information about a specific user on their system.  This  seemed
       unfair to the rest of the users out there, so this program was created.
       Besides, those sites were waiting for this type of program.  Many sites
       that originally had their finger turned off turned them back on because
       of cfingerd.

       Many sites have complained that they wanted the  ability  to  create  a
       "fake-user", or a user that doesn’t exist but calls a pre-written shell
       script.  CFINGERD has taken this into account, and  provides  the  best
       method  possible  for creating such scripts.  (See cfingerd.conf(5) for
       more information on the configuration file.)

FEATURES CFINGERD PROVIDES, AND DESCRIPTIONS OF EACH

       CFINGERD was totally rewritten.  Why is this?  Well, the older  version
       of  cfingerd  had  quite  a few bugs, and it didn’t quite do all of the
       things that cfingerd now does.  This new version was totally  revamped,
       and  most  of  the bugs that were in the older version of cfingerd were
       removed in this one.  Besides, the code in here was more compact.

       Header and footer displays were a very big part of the original release
       of cfingerd, and shall continue to remain in all versions.  Headers and
       footers are only displays at the beginning and  ending  of  all  finger
       displays, and are used as unique little "advertisements" or such.

       Last  time  displayed  is  always  a  critical  issue.  It’s covered in
       cfingerd.  Cfingerd simply shows how many times this user is connected,
       what  their  idle time is on each TTY they’re connected to, and whether
       or not they are accepting messages.  If they’re not accepting messages,
       a  "[MESG-N]"  display will be shown if this is the case.  This display
       also shows the last time mail was read, and whether or  not  this  user
       has  mail.   If  this  is  still too much for your taste, each of these
       items can be disabled system wide.

       Stand-alone and INETD support is compiled into the  program,  but  only
       INETD  support is given for the time being.  The reason being is that I
       have not yet added the code for stand-alone daemon mode.

       .nofinger files are used when a user wishes to remain anonymous.  These
       files  should  be  placed  in  their  home directories, and can display
       anything they want.  There’s just a few restrictions.  These  .nofinger
       display  files cannot be character devices, directories, fifos, soft or
       hard links, or anything else of that caliber.  They must only be normal
       files.

       Fakeusers  were  supported  for the simple fact that many sites want to
       create users that don’t exist, and make them execute a shell.   If  you
       want  this done, then install a fake user.  Read up in cfingerd.conf(5)
       for more information on these useful options.

       Service listings were used to show what fakeusers you have installed on
       your  system.   These  can  be  formatted  however  you  wish,  and are
       explained (once again) in cfingerd.conf(5).

       Searching for usernames is a very powerful feature that cfingerd  takes
       full  advantage  of.  If you are looking for a specific username on the
       system,  or  don’t  know  what  their  name  is,  simply   use   the
       search.pattern  directive  with  cfingerd  will  search  for  all users
       containing pattern in their real name or username on that system.

       Searching for usernames is NOT case sensitive.  You may  search  for  a
       specific  username  or real name, for part of the username or real ame,
       or for a pattern matching the entire username or the entire  real  ame.
       If  you  search  for  part  of  a  user’s  name,  chances are, it’ll be
       displayed.

       Warning searching will currently return the names of daemon  users  and
       users

       and you will be able to search for a user on your system.

       Security is a given.  If you don’t want to show someone something, then
       it won’t display what you don’t want.  Simply  edit  the  cfingerd.conf
       file and make changes.  It’s that simple.

       Searching  for  usernames  is NOT case sensitive.  If you are searching
       for a specific username, or part of the user’s name.  If you search for
       part of a user’s name or username, chances are, it’ll be displayed.

       Not  just  PLAN,  or PROJECT but there’s also an option to display your
       public PGP key, if you have one.  This is very useful if  you  want  to
       keep  your mail or other information secret to yourself, and don’t want
       "big  brother"  watching  over  your  shoulder  as  you  talk   amongst
       yourselves.   (Thanks  to  Andy Smith for this patch).  (For your info,
       the standard plan file is .plan,  project  is  .project,  PGP  info  is
       .pgpkey, and XFace icon information is .xface)

       Remember, any or all of these options stated above, can be turned on or
       off at will.  If you want a specific option turned off,  turn  it  off.
       :)

FULL LIST OF BUILTIN USER NAMES

       cfingerd  provides  a  set of builtin fake users.  Two of them are also
       used internally by cfingerd.

       @      List  logged  on  users  without   .nofinger   file.    If   the
              system_list_sites  option is used in the main configuration file
              cfingerd will try to gather information from all listed hosts.

       userlist@
              Same as @, except that it only lists  people  who  are  idle  no
              longer than one day.  This is intended to give a better overview
              of who’s really online at the moment of fingering.

       userlist-only@
              List logged on users without .nofinger file  -  without  headers
              and footers.  This fake user is used internally to gather system
              information from remote hosts for @.

       userlist-online@
              List logged on users without .nofinger file  -  without  headers
              and  footers.   Only users will be listed who are idle no longer
              than a day.  This fake user is used internally to gather  system
              information from remote hosts for userlist@.

       version@
              Display version information for cfingerd.

       services@
              List all fake users.

       search.pattern@
              Search  for  users  using  the  GCOS field in /etc/passwd.  Only
              users will be displayed who don’t have a .nofinger-file.

       help@  Help text listing all of these.

       These can be disabled in cfingerd.conf(5) as follows

       @ and userlist@
              Set SYSTEM_LIST to FALSE.

       userlist-only@ and userlist-online@
              Disable ALLOW_USERLIST_ONLY (i.e. prefix it with a  minus  sign)
              or disable SYSTEM_LIST.

       version@
              Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).

       services@
              Disable  ALLOW_FAKEUSER_FINGER  (i.e.  prefix  it  with  a minus
              sign).

       search.pattern@
              Disable ALLOW_SEARCHABLE_FINGER (i.e. prefix  it  with  a  minus
              sign).

       help@  Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).

ERROR MESSAGES

       Any  error  messages  that  result are fairly easy to debug if you know
       what to look for.

       Segmentation Violations don’t always occur, but if they  ever  do,  you
       can  pretty easily figure out what’s going on.  Unfortunately, cfingerd
       doesn’t have any compatibility with older cfingerd.conf  files,  so  if
       you  get  a  Segmentation  Violation,  this  (usually)  means that your
       cfingerd.conf file needs to be replaced.

       Timeouts usually mean that a script has timed out, or a  connection  to
       another site timed out.

SYSLOGGING MESSAGES

       Well, there’s no real way to describe SYSLOG messages since they can be
       changed as the system administrator chooses.  Although, examples can be
       given based on the standard configuration that was distributed.

       If  any IP addresses cannot be matched to a name it will display a "IP:
       Hostname not matched".

       If the renice fails (to make the program run at the  highest  priority)
       then it will display "Fatal - Nice died: (reason)".

       If  there is no buffer information waiting in the STDIN buffer, it will
       display "STDIN contains no data".

       If a trusted host fingers your site, a "<- Trusted" will appear.

       If a rejected host fingers your site, a "<- Rejected" will appear.

       If root is fingered on your site, it will display "Root".

       If a service listing  was  fingered  on  your  site,  it  will  display
       "Service listing".

       If a user listing was requested, it will display "User listing".

       If a fake user was requested, it will display "Fake user".

       If "whois" data was requested, it will display "Whois request".  (Note,
       whois was not implemented  in  this  release,  since  it  wasn’t  ’RFC’
       compliant.)

       Any extra information pertaining to the incoming finger is displayed in
       the syslogging area.   (It’s  also  recommended  that  you  reconfigure
       syslog.conf(5) to display to an unused VT.  :)

PLANS

       Any  other  options  or  improvements  will  probably  come  from  user
       suggestions.  :)

       Later plans will make it so  that  you  can  define  your  own  display
       formats  for the finger display.  This means that you can re-define how
       you want your finger display to look.

CONTACTING

       If you like the  software,  and  you  want  to  learn  more  about  the
       software, or want to see a feature added to it that isn’t already here,
       then please write to cfingerd@infodrom.north.de.  The project’s webpage
       is at http://www.infodrom.north.de/cfingerd/ .

SEE ALSO

       cfingerd.conf(5),     cfingerd.text(5),     finger(1),     userlist(1),
       syslog.conf(5).