Provided by: cfingerd_1.4.3-3ubuntu1_amd64 bug

NAME

       cfingerd.conf - configurable finger daemon configuration file.

SYNOPSIS

       /etc/cfingerd.conf

DESCRIPTION

       cfingerd.conf is the configuration file for cfingerd.  cfingerd has been totally rewritten
       to support a more readable configuration file.  This version of the new configuration file
       is NOT compatible with the older versions from 1.0.3 or below.

       The  configuration  file is split into sections of three general types: FILES, CONFIG, and
       HOSTS.

       Each one of those sections is split into subsections, which will be explained next.

       Subtext of each option is either boolean options, string options, or  switchable  options,
       all changeable by the system administrator.

       Each  section  is  split  into  a series of sections that resembles C type definition; not
       exact, but close enough to be familiar with it.  :) There's only one exception - these are
       not case sensitive.  Any casing will do, as long as the option is legal.

       Thus, each section is formatted like this:

            OPTION section_name = {
              (tab/space) string_option = "string_format",
              (tab/space) +/-boolean_pair_option = [BOOL, BOOL],
              (tab/space) +/-internal_config_option
              (tab/space) host.name.here
            }

       This  illustrates  that  string options are strings put into "quotes", boolean options are
       given as TRUE and FALSE, switchable options are given with  the  +  or  -  directive,  and
       hostnames are used as substrings, so that wildcards are not necessary.

       A  few sections simply contain a block of text to be used as the value of a single option,
       which one is indicated by the section name itself.

       You may add comments using the hash mark ``#'' at the beginning of the line.  Please  note
       that no comments are allowed inside of a section.

DISPLAY FILES SECTION (FILES display_files)

       Each  option  here  is  a  string  option.   The  first 6 options are relative to the home
       directory of whatever user was fingered, the remaining are absolute and should start  with
       a "/".

       PLAN  is  the optional plan file which contains the text displayed as the users plan.  The
       default is .plan.

       PROJECT is the optional project file that is used when displaying a  project  description.
       The standard here is .project.

       PGP_KEY  is the optional "Pretty-Good-Privacy" file that is shown when displaying a public
       or private key.  The standard here is .pgpkey.

       XFACE is the optional file that shows the user's face.  (This is commonly used  in  E-Mail
       messages.)  The standard here is .xface.

       NO_FINGER is the optional file that is shown when a user wishes to remain anonymous.  This
       is usually the case with root users (which should be standard, anyway).  In order to  hide
       the  user  this  file should be an exact copy of the nouser_banner.txt file.  The standard
       here is .nofinger.  This file can only be a standard displayable file.  This  option  will
       also  hide the user from a "search.pattern" query.  If any user can read this file it will
       also be honored by a userlist (@host) query.  This is done by a non-priviliged program  so
       the uid can't be changed.

       USERLOG  is  the  optional  file in which all attempts to finger a user are logged for the
       users own reference.  If ALLOW_USERLOG is not enabled this file is completely ignored.  If
       ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS   is  enabled  cfingerd  will  only  document  finger
       requests if this file already exists in the users home directory.   The  default  name  is
       .fingerlog.

       MAILBOX  is the file that is checked to see where the user's mailbox is.  If you are using
       a regular Unix mail transport agent (such as sendmail(1), smail(1) or exim(1)),youwoulduse
       /usr/spool/mail/$USER  here.   If  you  are  using  something  like  qmail,  you would use
       $HOME/Mailbox.  The path must be given as well as the filename to check for.   $USER  will
       expand  to  the  proper username.  $HOME will expand to the proper home directory for that
       very user.  If MAILBOX is set to``QMAIL'' cfingerd assumes that Qmail is used on the local
       system and therefore will read ~/.qmail files instead of common mailbox files.

       LOGFILE  is  the  file that is used to keep logs of everything that happens to your finger
       program.  These logs are kept as backups for your finger file, and can be  used  to  guard
       against  attacks  against your system if a finger attack occurs.  By keeping cfingerd.conf
       readable only by root the logfile should be kept in a safe, hidden place.

       HEADER_DISPLAY is the file that is displayed  at  the  top  of  each  finger  reply.   The
       standard here is /etc/cfingerd/top_finger.txt.

       FOOTER_DISPLAY  is  the  file  that  is  displayed  at  the end of each finger reply.  The
       standard here is /etc/cfingerd/bottom_finger.txt.

       NO_USER_BANNER is the file that is displayed if the user doesn't exist.  The standard here
       is /etc/cfingerd/nouser_banner.txt.

       NO_NAME_BANNER  is the file that is displayed if no name was specified in a finger request
       if a system listing is not allowed by  the  SYSTEM_LIST  option  (explained  later).   The
       standard here is /etc/cfingerd/noname_banner.txt.

       REJECTED_BANNER  is  the  file  that  is displayed if a rejected host tries to finger your
       system for any reason.  The standard here is /etc/cfingerd/rejected_banner.txt.

FINGER DISPLAY CONFIGURE SECTION (CONFIG finger_display)

       Each option in this section is boolean.  The way this works  is  as  follows:   The  first
       boolean  option  is  the  setting  for  a remote host, or a host that fingers you from the
       outside.  The second boolean option is the setting for the local host,  or  trusted  host.
       This is what people from your own system will see.

       TRUE  means  that this item is included in the cfingerd reply.  FALSE means it is omitted.
       Unless otherwise specified these items only appear if an existing user is fingered.

       Each option has a "-" or "+" option.  This is for user-overridable options, which will  be
       in  the  next  release  of  cfingerd.   These  will  allow each user to manipulate if this
       information is displayed when that specific user is fingered.

       HEADER_FILE displays the header file at the beginning of each finger reply.

       FOOTER_FILE displays the footer file at the end of each finger reply.

       LOGIN_ID displays the login ID of that particular user.

       REAL_NAME displays the real name of that particular user.

       DIRECTORY displays the user's directory.

       SHELL displays the user's shell.

       ROOM_NUMBER displays the user's room number.

       WORK_NUMBER displays the user's work phone number.

       HOME_NUMBER displays the user's home phone number.

       OTHER displays the user's other information.

       LAST_TIME_ON displays the last time the user has logged into the fingered system.

       IF_ONLINE displays whether or not the user is currently logged into the fingered system.

       TIME_MAIL_READ displays the last time that the fingered user has read mail.

       DAY_MAIL_READ displays the last day that the fingered user read his/her mail.

       ORIGINATION displays the site from which the user logged in (if applicable.)

       PLAN displays the user's plan file.

       PROJECT displays the user's project file.

       PGP displays the user's Pretty-Good-Privacy key file.

       XFACE displays the user's XFACE file.

       NO_NAME_BANNER displays the banner if no username was given.

       REJECTED_BANNER displays the rejected banner file if the site fingering your system was in
       the banned-site listing.

       SYSTEM_LIST displays the system list if one was requested.

       NO_NAME displays the NO_USER_BANNER file if no user was selected.

INTERNAL CONFIG SECTION (CONFIG internal_config)

       Each  item  in this section is a switchable option.  This means that a "+" before the item
       enables it while a "-" before the item turns it off.

       ALLOW_MULTIPLE_FINGER_DISPLAY tells cfingerd to add the system finger information from the
       hosts  listed in the system_list_sites instead of only the localhost.  This is useful when
       you have more than one ISP machine, located in different cities, or even states.

       ALLOW_SEARCHABLE_FINGER allows you to let others outside of your system (or within it)  to
       search for a specific username by using the "search.pattern" directive.

       ALLOW_NO_IP_MATCH_FINGER  allows  you  to let sites finger your system if a hostname could
       not be matched to their IP address successfully.

       ALLOW_USER_OVERRIDE will allow your users to  override  specific  options  in  the  FINGER
       DISPLAY section that you enable.  This is not yet implemented.

       ALLOW_USERLIST_ONLY  will  allow  other  sites  to  get  a  shortened  form of the "finger
       @hostname" response by issuing "finger userlist-only@hostname".  The shortened  form  does
       not  merge  in other computers even if ALLOW_MULTIPLE_FINGER_DISPLAY is enabled, and omits
       the usual headers and footers.  This listing is only  available  if  the  remote  user  is
       allowed to query for a regular system list, so SYSTEM_LIST from the finger_display section
       needs to be enabled, too.

       ALLOW_FINGER_FORWARDING will allow other sites to forward finger requests to  a  different
       machine  if  the  user could not be located on the current machine.  (In order to use this
       option, you MUST have the HOSTS finger_forward option set, and have other sites in there.)

       ALLOW_STRICT_FORMATTING makes the  finger  display  remove  all  returns  between  display
       options.   This  makes  the  finger display look horrible (as with GNU Finger or the other
       generic fingers) and makes your system look, well, "generic".  :)

       ALLOW_VERBOSE_TIMESTAMPING makes the timestamp that  is  displayed  (at  any  place)  very
       verbose.  For instance, where it used to say:

       On since Sat Aug 12 03:43PM (PDT)

       would now be shown as:

       On since Sat Aug 12, 1995 03:43PM (PDT)

       (Basically, ALLOW_VERBOSE_TIMESTAMPING just takes up more room on the display field.)

       ALLOW_NONIDENT_ACCESS  lets cfingerd also accept connections from sites that don't run the
       IDENT daemon (or RFC1413-compliant program.)  This is for security sake,  and  is  a  good
       measure  against  unknown  users trying to finger your system.  If this option is enabled,
       users that do not have identd running on their system (ala Windows users) will be able  to
       finger  your system.  Systems NOT running identd will return "unknown" as the user ID, and
       will thusly not be permitted to finger a user on your system.

       ALLOW_FINGER_LOGGING enables cfingerd to use  the  LOGFILE  file  to  store  any  logs  of
       activity that happen to your system via finger.

       ALLOW_LINE_PARSING  makes  cfingerd  parse  each line of every display file (including the
       plan, project, and pgp files) for any cfingerd-specific "$" commands.  If any  are  found,
       cfingerd   will   parse  these  commands  and  display  correct  information  accordingly.
       Otherwise, if this is turned off, the display will appear without parsed commands.

       ALLOW_EXECUTION will allow users to execute scripts in place of their .plan, .project, and
       .pgp  files.   This  is used to display the standard output of another program directly to
       the screen of the user.  Keep in mind that this is a HUGE security risk, should you choose
       to  use  it.   It's  normally  suggested  that  this remain off, but you can turn it on if
       necessary. Nevertheless these programs are called  as  nobody.nogroup  as  effective  user
       (while the real user will still be root, but a called program won't be able to change this
       back).

       ALLOW_FAKEUSER_FINGER turns on or off the fake user option in cfingerd.  If you want  fake
       users  to  be  defined, and available to be fingered, you will want to enable this option.
       This can be a security risk in some instances if you allow  for  searchable  fingers,  and
       your  script  calls an execute routine on that variable...  But chances are, that'll never
       happen.

       ALLOW_USERLOG will allow users to keep track of who has fingered them, and at  what  time.
       The default name of this user logfile is .fingerlog.

       ALLOW_CONFESSION enables two fakeusers "help" and "version" that provide information about
       the system running.  Some people don't like that so you can turn it  off.   When  fingered
       the  requestor  will  only  see  the NO_USER_BANNER so he can't guess that the fakeuser is
       supported.

       ONLY_SHOW_HEADERS_IF_FILE_EXISTS will only show the header of the  .plan,  .project,  etc.
       files if they exist.  If the file doesn't exist, the header will not be shown.  This saves
       space on the final output of the finger data.

       ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS will only create a .fingerlog file  in  the  fingered
       user's  home  directory  if one exists (and is read/writable by the user.)  This is to cut
       down on hard drive space if they don't want a .fingerlog file.

SYSTEM LIST SITES SECTION (CONFIG system_list_sites)

       This is just a series of hostnames that you want to  finger  when  displaying  a  userlist
       query  (finger  @localhost)  .   If  you  have more than one system that you want to show,
       simply put their hostnames in this list, separated on a line by itself.

       A good example of the way this works is this: If you have a separate ISP system  that  you
       are running on the side, say "chatlink.com", then I would change my configuration to say:

           CONFIG system_list_sites = {
                   chatlink.com,
                   localhost
           }

       Remember,  if you are listing only a couple of sites, list the sites you will want to have
       listed (in order) first.  These sites are required to run cfingerd as well and  they  must
       not  be  offline  while  fingering.  The ending entry MUST be the localhost, or the finger
       listing will not include your site.  If you include localhost anywhere else in  the  list,
       it will stop once it has reached the localhost entry, so remember to list it last!

       For  the  simple  fact  that  I  want  to get a user listing from my own machine, and from
       chatlink.com's system.  This would be  automatically  formatted  nicely  (ie.  sorted  and
       parsed)  and would display on the screen in sorted order.  This program is usually used in
       tandem with the supplied userlist(1) program.

       If no system list sites are specified, multiple system sites will not be specified.

TRUSTED HOST SECTION (HOSTS trusted)

       This is a listing of the sites that you allow to finger your  system  exclusively,  giving
       them the same access that your local users would get.  In other words, they are treated as
       "localhost" users.

       Each site that you list in this section should be separated by using  the  ","  character.
       You can include up to 80 sites in this listing.

       Wildcards are supported in this section, and you may use them in the regex format as well.
       Any wildcards with "*", "?", or any other regex wildcard matching character will work.  IP
       addresses will also work.  Hostnames are compared case insensitive.

REJECTED HOST SECTION (HOSTS rejected)

       This  is  a listing of the sites that you do not allow to finger your system.  These sites
       don't get to finger anyone (or anything for that matter) on  your  system,  regardless  of
       what they try to do.  In essence, finger is cut off to those particular systems.

       Each  site  that  you list in this section should be separated by using the "," character.
       You can include up to 80 sites in this listing.

       Wildcards are supported in this section, and you may use them in the regex format as well.
       Any wildcards with "*", "?", or any other regex wildcard matching character will work.  IP
       addresses will also work.  Hostnames are compared case insensitive.

FORWARDED HOST SECTION (HOSTS finger_forward)

       This is a listing of sites that are used to forward  a  finger  query  to  when  a  finger
       request  was  processed,  but that particular user was not found on the associated system.
       It will step through this listing, and it will search for the user in  question.   If  the
       user  could  not be found, then it will step through to the next host, and the next, until
       it finds one.

       Each site that you list in this section should be separated by using  the  ","  character.
       You can include up to 80 sites in this listing.

       Wildcards are supported in this section, and you may use them in the regex format as well.
       Any wildcards with "*", "?", or any other regex wildcard  matching  character  will  work.
       Hostnames are compared case insensitive.

       If  you  do  not  specify  any forwarding sites in this section, finger forwarding will be
       disabled for your system.

FINGER STRINGS SECTION (CONFIG finger_strings)

       Each option in this section is a string that  can  be  changed  to  fit  your  needs  when
       displaying  finger  information.   These strings are limited to about 20 characters on the
       display.  (If you use more than 20, the finger display will end up looking strange.)

       USER_NAME is the string that is displayed when the user's username is shown.

       REAL_NAME is the string that is displayed when the user's real name is shown.

       DIRECTORY is the string that is displayed when the user's directory is shown.

       SHELL is the string that is displayed when the user's shell is shown.

       ROOM_NUMBER is the string that is displayed when the user's room number is shown.

       WORK_NUMBER is the string that is displayed when the user's work phone number is shown.

       HOME_NUMBER is the string that is displayed when the user's home phone number is shown.

       OTHER is the string that is displayed when the user's other display information is show.

       PLAN is the string that is displayed when the user's plan is shown.

       PROJECT is the string that is displayed when the user's project is shown.

       PGPKEY is the string that is displayed when the user's PGP Key is shown.

       XFACE is the string that is displayed when the user's XFACE file is shown.

       NO_PLAN is the string that is displayed if the user doesn't have a plan file to  show  you
       and ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

       NO_PROJECT is the string that is displayed if the user doesn't have a project file to show
       you and ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

       NO_PGP is the string that is displayed if the user doesn't have a PGP Key file to show you
       and ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

       NO_XFACE  is  the  string that is displayed if the user doesn't have an xface file to show
       you and ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

       WAIT is the string that is shown when the system gathers information from other sites  for
       a user listing.

INTERNAL STRINGS SECTION (CONFIG internal_strings)

       These  strings  are  changeable,  and  can  be any length you want (within reason).  These
       strings are concattenated into the syslogging display when the appropriate finger has been
       issued.  This section also includes error messages that may occur.

       NO_IP_HOST  is shown when there is no hostname that matches the incoming IP address.  This
       usually indicates that either the site didn't register their IP address with the InterNIC,
       or they are coming from a hacked site.

       RENICE_FATAL  is  shown  when  the  system  failed to change the execution priority on the
       current process of cfingerd.

       STDIN_EMPTY is shown when the input buffer on the CFINGERD port is  empty.   (This  should
       never really happen; it's here for sanity.)

       TRUSTED_HOST  is  shown  when a trusted host fingers your system.  If you do not specify a
       trusted host, cfingerd will insert "localhost" into this field.

       REJECTED_HOST is shown when a rejected host fingers your system.  If you do not specify  a
       rejected host, cfingerd will insert "0.0.0.0" into this field.

       ROOT_FINGER is shown when a user fingers root.

       SERVICE_FINGER is shown when a user requests fake user services from your system.

       USER_LIST is shown when a user requests a system user listing from your system.

       FAKE_USER is shown when a user fingers a fake user from your system.

       WHOIS_USER  is shown when a user fingers a user with a "WHOIS" query.  (This option is not
       yet available at the time of this writing.)

       FINGER_DENY  is  shown  when  a  user  tries  to  finger  with  a  forward  request   like
       user@host1@host2.  This  is  not  supported as it could result in finger loops and lots of
       traffic.

SIGNAL STRINGS CONFIGURE SECTION (CONFIG signal_strings)

       This section is used in changing the output that is given when  a  system  crashes,  or  a
       signal is caught, and reported to the finger output.

       The supported caught signals are as follows:

       SIGHUP,  SIGINT,  SIGQUIT,  SIGILL,  SIGTRAP,  SIGABRT, SIGFPE, SIGUSR1, SIGSEGV, SIGUSR2,
       SIGPIPE, SIGALRM, SIGTERM, SIGCONT, SIGTSTP, SIGTTIN, SIGTTOU,  SIGIO,  SIGXCPU,  SIGXFSZ,
       SIGVTALRM, SIGPROF, SIGWINCH

FINGER PROGRAMS FILES SECTION (FILES finger_programs)

       These  are  the  programs  that  are  called  when a specific action is take on the finger
       display.

       FINGER is the file that is used when a system user listing is requested from your machine.
       This  is  used in the standard user list and in the sorted user list, so it is wise to use
       the standard here; this being /usr/sbin/userlist.

       WHOIS is the program that is used when a "whois" request is done on a specific user.  This
       is currently not used.

FINGER FAKEUSERS FILES SECTION (FILES finger_fakeusers)

       These are the ever-popular fake users that you can create on your system.  These users are
       ones that don't exist (and should not, for that matter.)  These are, instead,  treated  as
       normal scripts that can be called for your use.

       The format is as follows for fake users:
           "fake_username", "Script name", SEARCHBOOL, "script"
       where...

       fake_username  is the name of the fake user you want to request.  Make sure that this is a
       user that DOES NOT exist on your system.  Keep in mind that if you create a fake username,
       and  that  user already exists, the fake username will be shown. If you prepend '-' before
       the username, the fake user will not be shown on the list of services.

       Script name is the standard name of your script.  This is used  in  the  display  of  your
       services listing.

       SEARCHBOOL specifies whether or not parameters can be sent to that specific fake user.  If
       you decide to use the SEARCHBOOL option (ie. TRUE in this case), the passed variables are:

         $1 - First passed option,
         $2 - Second passed option,
         $3 - Third passed option, and
         $4 - Fourth passed option.

       (If more than four options were passed to this, the request will be ignored, and an  error
       message will be returned to the user that requested the finger request.)

       script is the location of your script.  It should be chmod 700 and readable only by root.

       If  you do not specify any fake users, a fake user called "None" will be created.  This is
       a fake user that does nothing, and calls "/dev/null" for the script.

SERVICES HEADER CONFIGURE SECTION (CONFIG services_header)

       This is the display that is given during a services finger.  It should  be  formatted  the
       same way that you want it to display on the screen.

       When  specifying  the  finger  formatted  options,  you should specify them as C formatted
       strings as well, with the standard options.  This should  always  be  given  last  in  the
       display.

       An example of this would be:

                 Welcome to this system's services!

               User:     Service name:     Searchable:
             -------- -------------------- -----------
             %-8s %-20s %-s

       Where  this would display the above string.  Remember to keep the format string last, or a
       SIGSEGV will result.

SERVICES POSITIONS CONFIGURE SECTION (CONFIG services_positions)

       This specifies where in the above display string  that  the  information  from  a  service
       listing is to go.  These numbers can be anywhere between 1 and 3.

       USER specifies the position of the username listing.

       SERVICE specifies the position of the service full-name listing.

       SEARCH specifies the position of the boolean search display.

CONTACTING

       If  you like the software, and you want to learn more about the software, or want to see a
       feature   added   to   it   that   isn't   already   here,   then    please    write    to
       cfingerd@infodrom.north.de.         The        project's        webpage        is       at
       http://www.infodrom.north.de/cfingerd/ .

       As always, I appreciate any suggestions, or bug reports you  may  have,  so  if  you  have
       suggestions or bug reports, BRING 'EM ON!  :)

SEE ALSO

       cfingerd(8), cfingerd.text(5), userlist(1), finger(1), regex(3), regexp(3).