CFINGERD.CONF(5)          (19 Dec 1998)          CFINGERD.CONF(5)

     NAME
          cfingerd.conf - configurable finger daemon configuration
          file.

     SYNOPSIS
          /etc/cfingerd.conf

     DESCRIPTION
          cfingerd.conf is the configuration file for cfingerd.
          cfingerd has been totally rewritten to support a more read-
          able configuration file.  This version of the new configura-
          tion file is NOT compatible with the older versions from
          1.0.3 or below.

          The configuration file is split into sections of three gen-
          eral types: FILES, CONFIG, and HOSTS.

          Each one of those sections is split into subsections, which
          will be explained next.

          Each option is either a boolean option, a string option, or
          a switchable option, all changeable by the system
          administrator.

          Each section is written in a form that resembles a C type
          definition; not exact, but close enough to be familiar.  :)
          There's only one exception - these are not case sensitive.
          Any casing will do, as long as the option is legal.

          Thus, each section is formatted like this:

               OPTION section_name = {
                 (tab/space) string_option = "string_format",
                 (tab/space) +/-boolean_pair_option = [BOOL, BOOL],
                 (tab/space) +/-internal_config_option
                 (tab/space) host.name.here
               }

          This illustrates that string options are strings put into
          "quotes", boolean options are given as TRUE and FALSE,
          switchable options are given with the + or - directive, and
          hostnames are used as substrings, so that wildcards are not
          necessary.

          A few sections simply contain a block of text to be used as
          the value of a single option, which one is indicated by the
          section name itself.

          You may add comments using the hash mark ``#'' at the
          beginning of the line.  Please note that no comments are
          allowed inside of a section.

     DISPLAY FILES SECTION (FILES display_files)
          Each option here is a string option.  The first 6 options
          are relative to the home directory of whatever user was fin-
          gered, the remaining are absolute and should start with a
          "/".

          PLAN is the optional plan file which contains the text dis-
          played as the user's plan.  The default is .plan.

          PROJECT is the optional project file that is used when dis-
          playing a project description.  The standard here is
          .project.

          PGP_KEY is the optional "Pretty-Good-Privacy" file that is
          shown when displaying a public or private key.  The standard
          here is .pgpkey.

          XFACE is the optional file that shows the user's face.
          (This is commonly used in E-Mail messages.)  The standard
          here is .xface.

          NO_FINGER is the optional file that is shown when a user
          wishes to remain anonymous.  This is usually the case with
          root users (which should be standard, anyway).  In order to
          hide the user this file should be an exact copy of the
          nouser_banner.txt file.  The standard here is .nofinger.
          This file can only be a standard displayable file.  This
          option will also hide the user from a "search.pattern"
          query.  If any user can read this file it will also be hon-
          ored by a userlist (@host) query.  This is done by a non-
          privileged program so the uid can't be changed.

          USERLOG is the optional file in which all attempts to finger
          a user are logged for the user's own reference.  If
          ALLOW_USERLOG is not enabled this file is completely
          ignored.  If ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS is enabled
          cfingerd will only document finger requests if this file
          already exists in the user's home directory.  The default
          name is .fingerlog.

          MAILBOX is the file that is checked to see where the user's
          mailbox is.  If you are using a regular Unix mail transport
          agent (such as sendmail(1), smail(1) or exim(1)), you would
          use /usr/spool/mail/$USER here.  If you are using something
          like qmail, you would use $HOME/Mailbox.  The path must be
          given as well as the filename to check for.  $USER will
          expand to the proper username.  $HOME will expand to the
          proper home directory for that very user.  If MAILBOX is set
          to ``QMAIL'' cfingerd assumes that Qmail is used on the
          local system and therefore will read ~/.qmail files instead
          of common mailbox files.

          LOGFILE is the file that is used to keep logs of everything
          that happens to your finger program.  These logs are kept as
          backups for your finger file, and can be used to guard
          against attacks against your system if a finger attack
          occurs.  By keeping cfingerd.conf readable only by root the
          logfile should be kept in a safe, hidden place.

          HEADER_DISPLAY is the file that is displayed at the top of
          each finger reply.  The standard here is
          /etc/cfingerd/top_finger.txt.

          FOOTER_DISPLAY is the file that is displayed at the end of
          each finger reply.  The standard here is
          /etc/cfingerd/bottom_finger.txt.

          NO_USER_BANNER is the file that is displayed if the user
          doesn't exist.  The standard here is
          /etc/cfingerd/nouser_banner.txt.

          NO_NAME_BANNER is the file that is displayed if no name was
          specified in a finger request if a system listing is not
          allowed by the SYSTEM_LIST option (explained later).  The
          standard here is /etc/cfingerd/noname_banner.txt.

          REJECTED_BANNER is the file that is displayed if a rejected
          host tries to finger your system for any reason.  The stan-
          dard here is /etc/cfingerd/rejected_banner.txt.

     FINGER DISPLAY CONFIGURE SECTION (CONFIG finger_display)
          Each option in this section is boolean.  The way this works
          is as follows:  The first boolean option is the setting for
          a remote host, or a host that fingers you from the outside.
          The second boolean option is the setting for the local host,
          or trusted host.  This is what people from your own system
          will see.

          TRUE means that this item is included in the cfingerd reply.
          FALSE means it is omitted.  Unless otherwise specified these
          items only appear if an existing user is fingered.

          Each option has a "-" or "+" option.  This is for
          user-overridable options, which will be in the next release
          of cfingerd.  These will allow each user to control whether
          this information is displayed when that specific user is
          fingered.

          HEADER_FILE displays the header file at the beginning of
          each finger reply.

          FOOTER_FILE displays the footer file at the end of each fin-
          ger reply.

          LOGIN_ID displays the login ID of that particular user.

          REAL_NAME displays the real name of that particular user.

          DIRECTORY displays the user's directory.

          SHELL displays the user's shell.

          ROOM_NUMBER displays the user's room number.

          WORK_NUMBER displays the user's work phone number.

          HOME_NUMBER displays the user's home phone number.

          OTHER displays the user's other information.

          LAST_TIME_ON displays the last time the user has logged into
          the fingered system.

          IF_ONLINE displays whether or not the user is currently
          logged into the fingered system.

          TIME_MAIL_READ displays the last time that the fingered user
          has read mail.

          DAY_MAIL_READ displays the last day that the fingered user
          read his/her mail.

          ORIGINATION displays the site from which the user logged in
          (if applicable.)

          PLAN displays the user's plan file.

          PROJECT displays the user's project file.

          PGP displays the user's Pretty-Good-Privacy key file.

          XFACE displays the user's XFACE file.

          NO_NAME_BANNER displays the banner if no username was given.

          REJECTED_BANNER displays the rejected banner file if the
          site fingering your system was in the banned-site listing.

          SYSTEM_LIST displays the system list if one was requested.

          NO_NAME displays the NO_USER_BANNER file if no user was
          selected.

     INTERNAL CONFIG SECTION (CONFIG internal_config)
          Each item in this section is a switchable option.  This
          means that a "+" before the item enables it while a "-"
          before the item turns it off.

          ALLOW_MULTIPLE_FINGER_DISPLAY tells cfingerd to add the sys-
          tem finger information from the hosts listed in the
          system_list_sites instead of only the localhost.  This is
          useful when you have more than one ISP machine, located in
          different cities, or even states.

          ALLOW_SEARCHABLE_FINGER lets others outside of your system
          (or within it) search for a specific username by using the
          "search.pattern" directive.

          ALLOW_NO_IP_MATCH_FINGER allows you to let sites finger your
          system if a hostname could not be matched to their IP
          address successfully.

          ALLOW_USER_OVERRIDE will allow your users to override spe-
          cific options in the FINGER DISPLAY section that you enable.
          This is not yet implemented.

          ALLOW_USERLIST_ONLY will allow other sites to get a short-
          ened form of the "finger @hostname" response by issuing
          "finger userlist-only@hostname".  The shortened form does
          not merge in other computers even if
          ALLOW_MULTIPLE_FINGER_DISPLAY is enabled, and omits the
          usual headers and footers.  This listing is only available
          if the remote user is allowed to query for a regular system
          list, so SYSTEM_LIST from the finger_display section needs
          to be enabled, too.

          ALLOW_FINGER_FORWARDING will allow other sites to forward
          finger requests to a different machine if the user could not
          be located on the current machine.  (In order to use this
          option, you MUST have the HOSTS finger_forward option set,
          and have other sites in there.)

          ALLOW_STRICT_FORMATTING makes the finger display remove all
          returns between display options. This makes the finger dis-
          play look horrible (as with GNU Finger or the other generic
          fingers) and makes your system look, well, "generic".  :)

          ALLOW_VERBOSE_TIMESTAMPING makes the timestamp that is dis-
          played (at any place) very verbose.  For instance, where it
          used to say:

          On since Sat Aug 12 03:43PM (PDT)

          would now be shown as:

          On since Sat Aug 12, 1995 03:43PM (PDT)

          (Basically, ALLOW_VERBOSE_TIMESTAMPING just takes up more
          room on the display field.)

          ALLOW_NONIDENT_ACCESS lets cfingerd also accept connections
          from sites that don't run the IDENT daemon (or an RFC1413-
          compliant program).  This is for security's sake, and is a
          good measure against unknown users trying to finger your
          system.  If this option is enabled, users that do not have
          identd running on their system (a la Windows users) will be
          able to finger your system.  Systems NOT running identd will
          return "unknown" as the user ID, and will thus not be per-
          mitted to finger a user on your system.

          ALLOW_FINGER_LOGGING enables cfingerd to use the LOGFILE
          file to store any logs of activity that happen to your sys-
          tem via finger.

          ALLOW_LINE_PARSING makes cfingerd parse each line of every
          display file (including the plan, project, and pgp files)
          for any cfingerd-specific "$" commands.  If any are found,
          cfingerd will parse these commands and display correct
          information accordingly.  Otherwise, if this is turned off,
          the display will appear without parsed commands.

          ALLOW_EXECUTION will allow users to execute scripts in place
          of their .plan, .project, and .pgp files.  This is used to
          display the standard output of another program directly to
          the screen of the user.  Keep in mind that this is a HUGE
          security risk, should you choose to use it.  It's normally
          suggested that this remain off, but you can turn it on if
          necessary. Nevertheless these programs are called as
          nobody.nogroup as effective user (while the real user will
          still be root, but a called program won't be able to change
          this back).

          ALLOW_FAKEUSER_FINGER turns on or off the fake user option
          in cfingerd.  If you want fake users to be defined, and
          available to be fingered, you will want to enable this
          option.  This can be a security risk in some instances if
          you allow for searchable fingers, and your script calls an
          execute routine on that variable...  But chances are,
          that'll never happen.

          ALLOW_USERLOG will allow users to keep track of who has fin-
          gered them, and at what time.  The default name of this user
          logfile is .fingerlog.

          ALLOW_CONFESSION enables two fakeusers "help" and "version"
          that provide information about the running system.  Some
          people don't like that, so you can turn it off.  When
          fingered, the requestor will then only see the
          NO_USER_BANNER, so he can't guess that the fakeuser is
          supported.

          ONLY_SHOW_HEADERS_IF_FILE_EXISTS will only show the header
          of the .plan, .project, etc. files if they exist.  If the
          file doesn't exist, the header will not be shown.  This
          saves space on the final output of the finger data.

          ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS will only create a
          .fingerlog file in the fingered user's home directory if one
          exists (and is read/writable by the user.)  This is to cut
          down on hard drive space if they don't want a .fingerlog
          file.
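
          The remote/local boolean pairs of finger_display and the
          +/- switches of internal_config can be reviewed mechanically.
          The Python below is an added example, not part of cfingerd
          or of the original page: it parses a configuration and lists
          the switches this page describes as widening access, plus
          every item shown to remote hosts.  It assumes comma-separated
          entries; SAMPLE_CONF and all function names are constructed
          for illustration.

```python
import re

# Constructed sample, not from a real system.  Assumption: entries inside a
# section are comma-separated, as in the page's system_list_sites example.
SAMPLE_CONF = """\
# constructed sample configuration
CONFIG finger_display = {
    +REAL_NAME   = [FALSE, TRUE],
    +DIRECTORY   = [TRUE, TRUE],
    +SHELL       = [FALSE, TRUE],
    +HOME_NUMBER = [True, TRUE],
    +ORIGINATION = [FALSE, TRUE]
}

config Internal_Config = {
    +ALLOW_EXECUTION,
    +allow_searchable_finger,
    +ALLOW_FAKEUSER_FINGER,
    -ALLOW_NONIDENT_ACCESS,
    -ALLOW_FINGER_LOGGING,
    +ALLOW_CONFESSION
}
"""

SECTION_RE = re.compile(
    r"^[ \t]*(FILES|CONFIG|HOSTS)[ \t]+(\w+)[ \t]*=[ \t]*\{(.*?)\}",
    re.I | re.S | re.M)
PAIR_RE = re.compile(
    r"^[+-]?(\w+)\s*=\s*\[\s*(TRUE|FALSE)\s*,\s*(TRUE|FALSE)\s*\]$", re.I)
SWITCH_RE = re.compile(r"^([+-])(\w+)$")

# Switches the man page describes as widening access or exposure.  The
# selection and the wording of the findings are this example's choice.
RISKY_WHEN_ON = {
    "ALLOW_EXECUTION": "user display files may be scripts (page: HUGE security risk)",
    "ALLOW_NONIDENT_ACCESS": "accepts clients that run no IDENT (RFC 1413) daemon",
    "ALLOW_NO_IP_MATCH_FINGER": "accepts clients whose IP matches no hostname",
    "ALLOW_CONFESSION": "'help' and 'version' fake users describe the system",
}

def parse_sections(text):
    """Return {section name (lower case): [entry, ...]} for each section."""
    # Comments are only legal at the start of a line, outside sections.
    text = "\n".join(l for l in text.splitlines() if not l.startswith("#"))
    sections = {}
    for m in SECTION_RE.finditer(text):
        # Split on commas, except the one inside a [BOOL, BOOL] pair.
        entries = [e.strip() for e in re.split(r",(?![^\[]*\])", m.group(3))]
        sections[m.group(2).lower()] = [e for e in entries if e]
    return sections

def switches(sections):
    """Map internal_config option (upper case) to True for '+', False for '-'."""
    out = {}
    for entry in sections.get("internal_config", []):
        m = SWITCH_RE.match(entry)
        if m:
            out[m.group(2).upper()] = (m.group(1) == "+")
    return out

def remote_exposed(sections):
    """finger_display items whose first boolean (remote hosts) is TRUE."""
    exposed = []
    for entry in sections.get("finger_display", []):
        m = PAIR_RE.match(entry)
        if m and m.group(2).upper() == "TRUE":
            exposed.append(m.group(1).upper())
    return exposed

def audit(text):
    """Return human-readable findings for one configuration text."""
    sections = parse_sections(text)
    sw = switches(sections)
    findings = [f"{name} is on: {why}"
                for name, why in RISKY_WHEN_ON.items() if sw.get(name)]
    if sw.get("ALLOW_FAKEUSER_FINGER") and sw.get("ALLOW_SEARCHABLE_FINGER"):
        findings.append("ALLOW_FAKEUSER_FINGER with ALLOW_SEARCHABLE_FINGER: "
                        "check that no fake-user script executes its parameters")
    if not sw.get("ALLOW_FINGER_LOGGING"):
        findings.append("ALLOW_FINGER_LOGGING is off: nothing is written to LOGFILE")
    findings += [f"{item} is shown to remote hosts"
                 for item in remote_exposed(sections)]
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF):
        print("-", line)
```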

     SYSTEM LIST SITES SECTION (CONFIG system_list_sites)
          This is just a series of hostnames that you want to finger
          when displaying a userlist query (finger @localhost).  If
          you have more than one system that you want to show, simply
          put their hostnames in this list, separated, each on a line
          by itself.

          A good example of the way this works is this: If you have a
          separate ISP system that you are running on the side, say
          "chatlink.com", then you would change your configuration to
          say:

              CONFIG system_list_sites = {
                      chatlink.com,
                      localhost
              }

          Remember, if you are listing only a couple of sites, list
          the sites you will want to have listed (in order) first.
          These sites are required to run cfingerd as well and they
          must not be offline while fingering.  The ending entry MUST
          be the localhost, or the finger listing will not include
          your site.  If you include localhost anywhere else in the
          list, it will stop once it has reached the localhost entry,
          so remember to list it last!

          The chatlink.com configuration is used for the simple fact
          that a user listing is wanted from the local machine and
          from chatlink.com's system.  This would be automatically
          formatted nicely (i.e. sorted and parsed) and would display
          on the screen in sorted order.  This is usually used in
          tandem with the supplied userlist(1) program.

          If no system list sites are specified, multiple system sites
          will not be specified.

     TRUSTED HOST SECTION (HOSTS trusted)
          This is a listing of the sites that you allow to finger your
          system exclusively, giving them the same access that your
          local users would get.  In other words, they are treated as
          "localhost" users.

          Each site that you list in this section should be separated
          by using the "," character.  You can include up to 80 sites
          in this listing.

          Wildcards are supported in this section, and you may use
          them in the regex format as well.  Any wildcards with "*",
          "?", or any other regex wildcard matching character will
          work.  IP addresses will also work.  Hostnames are compared
          case-insensitively.

     REJECTED HOST SECTION (HOSTS rejected)
          This is a listing of the sites that you do not allow to fin-
          ger your system.  These sites don't get to finger anyone (or
          anything for that matter) on your system, regardless of what
          they try to do.  In essence, finger is cut off to those par-
          ticular systems.

          Each site that you list in this section should be separated
          by using the "," character.  You can include up to 80 sites
          in this listing.

          Wildcards are supported in this section, and you may use
          them in the regex format as well.  Any wildcards with "*",
          "?", or any other regex wildcard matching character will
          work.  IP addresses will also work.  Hostnames are compared
          case-insensitively.

     FORWARDED HOST SECTION (HOSTS finger_forward)
          This is a listing of sites that are used to forward a finger
          query to when a finger request was processed, but that par-
          ticular user was not found on the associated system.  It
          will step through this listing, and it will search for the
          user in question.  If the user could not be found, then it
          will step through to the next host, and the next, until it
          finds one.

          Each site that you list in this section should be separated
          by using the "," character.  You can include up to 80 sites
          in this listing.

          Wildcards are supported in this section, and you may use
          them in the regex format as well.  Any wildcards with "*",
          "?", or any other regex wildcard matching character will
          work.  Hostnames are compared case-insensitively.

          If you do not specify any forwarding sites in this section,
          finger forwarding will be disabled for your system.

     FINGER STRINGS SECTION (CONFIG finger_strings)

          Each option in this section is a string that can be changed
          to fit your needs when displaying finger information.  These
          strings are limited to about 20 characters on the display.
          (If you use more than 20, the finger display will end up
          looking strange.)

          USER_NAME is the string that is displayed when the user's
          username is shown.

          REAL_NAME is the string that is displayed when the user's
          real name is shown.

          DIRECTORY is the string that is displayed when the user's
          directory is shown.

          SHELL is the string that is displayed when the user's shell
          is shown.

          ROOM_NUMBER is the string that is displayed when the user's
          room number is shown.

          WORK_NUMBER is the string that is displayed when the user's
          work phone number is shown.

          HOME_NUMBER is the string that is displayed when the user's
          home phone number is shown.

          OTHER is the string that is displayed when the user's other
          display information is shown.

          PLAN is the string that is displayed when the user's plan is
          shown.

          PROJECT is the string that is displayed when the user's pro-
          ject is shown.

          PGPKEY is the string that is displayed when the user's PGP
          Key is shown.

          XFACE is the string that is displayed when the user's XFACE
          file is shown.

          NO_PLAN is the string that is displayed if the user doesn't
          have a plan file to show you and
          ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

          NO_PROJECT is the string that is displayed if the user
          doesn't have a project file to show you and
          ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

          NO_PGP is the string that is displayed if the user doesn't
          have a PGP Key file to show you and
          ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

          NO_XFACE is the string that is displayed if the user doesn't
          have an xface file to show you and
          ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

          WAIT is the string that is shown when the system gathers
          information from other sites for a user listing.

     INTERNAL STRINGS SECTION (CONFIG internal_strings)
          These strings are changeable, and can be any length you want
          (within reason).  These strings are concatenated into the
          syslogging display when the appropriate finger has been
          issued.  This section also includes error messages that may
          occur.

          NO_IP_HOST is shown when there is no hostname that matches
          the incoming IP address. This usually indicates that either
          the site didn't register their IP address with the InterNIC,
          or they are coming from a hacked site.

          RENICE_FATAL is shown when the system failed to change the
          execution priority on the current process of cfingerd.

          STDIN_EMPTY is shown when the input buffer on the CFINGERD
          port is empty.  (This should never really happen; it's here
          for sanity.)

          TRUSTED_HOST is shown when a trusted host fingers your sys-
          tem.  If you do not specify a trusted host, cfingerd will
          insert "localhost" into this field.

          REJECTED_HOST is shown when a rejected host fingers your
          system.  If you do not specify a rejected host, cfingerd
          will insert "0.0.0.0" into this field.

          ROOT_FINGER is shown when a user fingers root.

          SERVICE_FINGER is shown when a user requests fake user ser-
          vices from your system.

          USER_LIST is shown when a user requests a system user list-
          ing from your system.

          FAKE_USER is shown when a user fingers a fake user from your
          system.

          WHOIS_USER is shown when a user fingers a user with a
          "WHOIS" query.  (This option is not yet available at the
          time of this writing.)

          FINGER_DENY is shown when a user tries to finger with a
          forward request like user@host1@host2. This is not supported
          as it could result in finger loops and lots of traffic.

     SIGNAL STRINGS CONFIGURE SECTION (CONFIG signal_strings)
          This section is used in changing the output that is given
          when a system crashes, or a signal is caught, and reported
          to the finger output.

          The supported caught signals are as follows:

          SIGHUP, SIGINT, SIGQUIT, SIGILL, SIGTRAP, SIGABRT, SIGFPE,
          SIGUSR1, SIGSEGV, SIGUSR2, SIGPIPE, SIGALRM, SIGTERM,
          SIGCONT, SIGTSTP, SIGTTIN, SIGTTOU, SIGIO, SIGXCPU, SIGXFSZ,
          SIGVTALRM, SIGPROF, SIGWINCH

     FINGER PROGRAMS FILES SECTION (FILES finger_programs)
          These are the programs that are called when a specific
          action is taken on the finger display.

          FINGER is the file that is used when a system user listing
          is requested from your machine.  This is used in the stan-
          dard user list and in the sorted user list, so it is wise to
          use the standard here; this being /usr/sbin/userlist.

          WHOIS is the program that is used when a "whois" request is
          done on a specific user.  This is currently not used.

     FINGER FAKEUSERS FILES SECTION (FILES finger_fakeusers)
          These are the ever-popular fake users that you can create on
          your system.  These users are ones that don't exist (and
          should not, for that matter.)  These are, instead, treated
          as normal scripts that can be called for your use.

          The format is as follows for fake users:
              "fake_username", "Script name", SEARCHBOOL, "script"
          where...

          fake_username is the name of the fake user you want to
          request.  Make sure that this is a user that DOES NOT exist
          on your system.  Keep in mind that if you create a fake
          username, and that user already exists, the fake username
          will be shown. If you prepend '-' before the username, the
          fake user will not be shown on the list of services.

          Script name is the standard name of your script.  This is
          used in the display of your services listing.

          SEARCHBOOL specifies whether or not parameters can be sent
          to that specific fake user.  If you decide to use the
          SEARCHBOOL option (ie. TRUE in this case), the passed vari-
          ables are:

            $1 - First passed option,
            $2 - Second passed option,
            $3 - Third passed option, and
            $4 - Fourth passed option.

          (If more than four options were passed to this, the request
          will be ignored, and an error message will be returned to
          the user that requested the finger request.)

          script is the location of your script.  It should be chmod
          700 and readable only by root.

          If you do not specify any fake users, a fake user called
          "None" will be created.  This is a fake user that does noth-
          ing, and calls "/dev/null" for the script.
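
          A check for the requirements above (script mode 700, and
          parameters reaching the script only when SEARCHBOOL is
          TRUE), as an added Python example that is not part of
          cfingerd: it reads the finger_fakeusers entries and reports
          scripts whose mode or owner differs, and fake users that
          accept requester-supplied parameters.  The function names
          and the expected_uid parameter are assumptions of this
          example.

```python
import os
import re
import stat
import sys

FAKEUSERS_RE = re.compile(r"FILES\s+finger_fakeusers\s*=\s*\{(.*?)\}",
                          re.I | re.S)
# "fake_username", "Script name", SEARCHBOOL, "script"
ENTRY_RE = re.compile(
    r'"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*(TRUE|FALSE)\s*,\s*"([^"]*)"', re.I)

def fake_users(conf_text):
    """Return the fake users defined in the finger_fakeusers section."""
    m = FAKEUSERS_RE.search(conf_text)
    if not m:
        return []
    return [{"user": user, "title": title,
             "searchable": flag.upper() == "TRUE", "script": script}
            for user, title, flag, script in ENTRY_RE.findall(m.group(1))]

def check_script(path, expected_uid=0):
    """Return a list of problems with one fake-user script file."""
    try:
        st = os.lstat(path)          # lstat: a symlink is reported, not followed
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        problems.append(f"{path}: mode is {mode:04o}, the page asks for 0700")
    if st.st_uid != expected_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, "
                        f"expected {expected_uid}")
    return problems

def audit_fake_users(conf_text, expected_uid=0):
    """Check every fake-user script and flag the searchable fake users."""
    report = []
    for fu in fake_users(conf_text):
        report += check_script(fu["script"], expected_uid)
        if fu["searchable"]:
            report.append(f'{fu["user"]}: SEARCHBOOL is TRUE, so $1..$4 come '
                          "from the requester; the script must treat them as "
                          "untrusted data")
    return report

if __name__ == "__main__":
    # Default path is the one given in the SYNOPSIS of this page.
    conf_path = sys.argv[1] if len(sys.argv) > 1 else "/etc/cfingerd.conf"
    with open(conf_path) as fh:
        for line in audit_fake_users(fh.read()):
            print("-", line)
```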

     SERVICES HEADER CONFIGURE SECTION (CONFIG services_header)
          This is the display that is given during a services finger.
          It should be formatted the same way that you want it to dis-
          play on the screen.

          When specifying the finger formatted options, you should
          specify them as C formatted strings as well, with the stan-
          dard options.  This should always be given last in the dis-
          play.

          An example of this would be:

                    Welcome to this system's services!

                  User:     Service name:     Searchable:
                -------- -------------------- -----------
                %-8s %-20s %-s

          Where this would display the above string.  Remember to keep
          the format string last, or a SIGSEGV will result.

     SERVICES POSITIONS CONFIGURE SECTION (CONFIG services_positions)

          This specifies where in the above display string the
          information from a service listing is to go.  These numbers
          can be anywhere between 1 and 3.

          USER specifies the position of the username listing.

          SERVICE specifies the position of the service full-name
          listing.

          SEARCH specifies the position of the boolean search display.

     CONTACTING
          If you like the software, and you want to learn more about
          the software, or want to see a feature added to it that
          isn't already here, then please write to
          cfingerd@infodrom.north.de.  The project's webpage is at
          http://www.infodrom.north.de/cfingerd/ .

          As always, I appreciate any suggestions, or bug reports you
          may have, so if you have suggestions or bug reports, BRING
          'EM ON!  :)

     SEE ALSO
          cfingerd(8), cfingerd.text(5), userlist(1), finger(1),
          regex(3), regexp(3).

     Page 13                       1.4.2             (printed 5/26/22)