CFINGERD(8)               (18 Dec 1998)               CFINGERD(8)

     NAME
          cfingerd - Configurable finger daemon.

     SYNOPSIS
          cfingerd [ -c | -e | -o | -v ]
                     -c : Check configuration
                     -e : Emulate local finger w/o inetd
                     -o : Turn off all finger queries
                     -v : Request version information

          -c checks your installed configuration.  This makes sure
          there are no existing errors in the current cfingerd.conf
          file.

          -e allows you to emulate a local finger on a user that
          exists on your system.  This lets you test cfingerd on your
          system before installing it.  Using the "-e" directive is
          the same as installing the software, typing "finger user-
          name@" and getting the output.  Using "-e username" does the
          same.

          -o turns off all finger queries.  This makes it so that no
          one can finger your system - no matter what they try to do.
          Unlike the other options, this option is used in inetd.conf,
          not on the command line.

          -v requests cfingerd version information.

     DESCRIPTION
          CFINGERD is a totally new, and totally configurable finger
          daemon - one of the first.  It listenes on the finger port
          (port 79) to provide useful information about each user that
          is on your system according to the finger protocol as
          described in RFC 1288.  Only thing is, cfingerd provides a
          unique twist.

          CFINGERD was designed for the sole purpose of making output
          on finger queries configurable.  If you want to change any
          text that is displayed during finger queries, you can con-
          figure the finger daemon to display just about anything you
          want.

          CFINGERD also takes into account any security breaches, and
          attempts to close them.  With the added bonus of creating
          ".nofinger" files, this is displayed instead of finger
          information, making it possible for users to keep themselves
          relatively anonymous from outside users.  For a maximum of
          users privacy you should place an exact copy of
          /etc/cfingerd/nouser_banner.txt in your .nofinger file.

     Page 1                   cfingerd 1.4.2         (printed 5/24/22)

     CFINGERD(8)               (18 Dec 1998)               CFINGERD(8)

     WHY WAS IT DONE?
          The answer is simple.  Security.  Many sites turn off finger
          for the reason that they don't want outside users to see
          who's on their system, or get information about a specific
          user on their system.  This seemed unfair to the rest of the
          users out there, so this program was created. Besides, those
          sites were waiting for this type of program.  Many sites
          that originally had their finger turned off turned them back
          on because of cfingerd.

          Many sites have complained that they wanted the ability to
          create a "fake-user", or a user that doesn't exist but calls
          a pre-written shell script. CFINGERD has taken this into
          account, and provides the best method possible for creating
          such scripts.  (See cfingerd.conf(5) for more information on
          the configuration file.)

     FEATURES CFINGERD PROVIDES, AND DESCRIPTIONS OF EACH
          CFINGERD was totally rewritten.  Why is this?  Well, the
          older version of cfingerd had quite a few bugs, and it
          didn't quite do all of the things that cfingerd now does.
          This new version was totally revamped, and most of the bugs
          that were in the older version of cfingerd were removed in
          this one.  Besides, the code in here was more compact.

          Header and footer displays were a very big part of the orig-
          inal release of cfingerd, and shall continue to remain in
          all versions.  Headers and footers are only displays at the
          beginning and ending of all finger displays, and are used as
          unique little "advertisements" or such.

          Last time displayed is always a critical issue.  It's cov-
          ered in cfingerd.  Cfingerd simply shows how many times this
          user is connected, what their idle time is on each TTY
          they're connected to, and whether or not they are accepting
          messages.  If they're not accepting messages, a "[MESG-N]"
          display will be shown if this is the case.  This display
          also shows the last time mail was read, and whether or not
          this user has mail.  If this is still too much for your
          taste, each of these items can be disabled system wide.

          Stand-alone and INETD support is compiled into the program,
          but only INETD support is given for the time being.  The
          reason being is that I have not yet added the code for
          stand-alone daemon mode.

          .nofinger files are used when a user wishes to remain anony-
          mous.  These files should be placed in their home directo-
          ries, and can display anything they want. There's just a few
          restrictions.  These .nofinger display files cannot be char-
          acter devices, directories, fifos, soft or hard links, or
          anything else of that caliber.  They must only be normal

     Page 2                   cfingerd 1.4.2         (printed 5/24/22)

     CFINGERD(8)               (18 Dec 1998)               CFINGERD(8)

          files.

          Fakeusers were supported for the simple fact that many sites
          want to create users that don't exist, and make them execute
          a shell.  If you want this done, then install a fake user.
          Read up in cfingerd.conf(5) for more information on these
          useful options.

          Service listings were used to show what fakeusers you have
          installed on your system. These can be formatted however you
          wish, and are explained (once again) in cfingerd.conf(5).

          Searching for usernames is a very powerful feature that
          cfingerd takes full advantage of.  If you are looking for a
          specific username on the system, or don't know what their
          name is, simply use the  search.pattern directive with
          cfingerd will search for all users containing pattern in
          their real name or username on that system.

          Searching for usernames is NOT case sensitive.  You may
          search for a specific username or real name, for part of the
          username or real ame, or for a pattern matching the entire
          username or the entire real ame.  If you search for part of
          a user's name, chances are, it'll be displayed.

          Warning searching will currently return the names of daemon
          users and users

          and you will be able to search for a user on your system.

          Security is a given.  If you don't want to show someone
          something, then it won't display what you don't want.  Sim-
          ply edit the cfingerd.conf file and make changes.  It's that
          simple.

          Searching for usernames is NOT case sensitive.  If you are
          searching for a specific username, or part of the user's
          name.  If you search for part of a user's name or username,
          chances are, it'll be displayed.

          Not just PLAN, or PROJECT but there's also an option to dis-
          play your public PGP key, if you have one.  This is very
          useful if you want to keep your mail or other information
          secret to yourself, and don't want "big brother" watching
          over your shoulder as you talk amongst yourselves.  (Thanks
          to Andy Smith for this patch).  (For your info, the standard
          plan file is .plan, project is .project, PGP info is
          .pgpkey, and XFace icon information is .xface)

          Remember, any or all of these options stated above, can be

     Page 3                   cfingerd 1.4.2         (printed 5/24/22)

     CFINGERD(8)               (18 Dec 1998)               CFINGERD(8)

          turned on or off at will.  If you want a specific option
          turned off, turn it off.  :)

     FULL LIST OF BUILTIN USER NAMES
          cfingerd provides a set of builtin fake users.  Two of them
          are also used internally by cfingerd.

          @    List logged on users without .nofinger file.  If the
               system_list_sites option is used in the main configura-
               tion file cfingerd will try to gather information from
               all listed hosts.

          userlist@
               Same as @, except that it only lists people who are
               idle no longer than one day.  This is intended to give
               a better overview of who's really online at the moment
               of fingering.

          userlist-only@
               List logged on users without .nofinger file - without
               headers and footers.  This fake user is used internally
               to gather system information from remote hosts for @.

          userlist-online@
               List logged on users without .nofinger file - without
               headers and footers.  Only users will be listed who are
               idle no longer than a day.  This fake user is used
               internally to gather system information from remote
               hosts for userlist@.

          version@
               Display version information for cfingerd.

          services@
               List all fake users.

          search.pattern@
               Search for users using the GCOS field in /etc/passwd.
               Only users will be displayed who don't have a
               .nofinger-file.

          help@
               Help text listing all of these.

          These can be disabled in cfingerd.conf(5) as follows

          @ and userlist@
               Set SYSTEM_LIST to FALSE.

          userlist-only@ and userlist-online@
               Disable ALLOW_USERLIST_ONLY (i.e. prefix it with a
               minus sign) or disable SYSTEM_LIST.

     Page 4                   cfingerd 1.4.2         (printed 5/24/22)

     CFINGERD(8)               (18 Dec 1998)               CFINGERD(8)

          version@
               Disable ALLOW_CONFESSION (i.e. prefix it with a minus
               sign).

          services@
               Disable ALLOW_FAKEUSER_FINGER (i.e. prefix it with a
               minus sign).

          search.pattern@
               Disable ALLOW_SEARCHABLE_FINGER (i.e. prefix it with a
               minus sign).

          help@
               Disable ALLOW_CONFESSION (i.e. prefix it with a minus
               sign).

     ERROR MESSAGES
          Any error messages that result are fairly easy to debug if
          you know what to look for.

          Segmentation Violations don't always occur, but if they ever
          do, you can pretty easily figure out what's going on.
          Unfortunately, cfingerd doesn't have any compatibility with
          older cfingerd.conf files, so if you get a Segmentation Vio-
          lation, this (usually) means that your cfingerd.conf file
          needs to be replaced.

          Timeouts usually mean that a script has timed out, or a con-
          nection to another site timed out.

     SYSLOGGING MESSAGES
          Well, there's no real way to describe SYSLOG messages since
          they can be changed as the system administrator chooses.
          Although, examples can be given based on the standard con-
          figuration that was distributed.

          If any IP addresses cannot be matched to a name it will dis-
          play a "IP: Hostname not matched".

          If the renice fails (to make the program run at the highest
          priority) then it will display "Fatal - Nice died: (rea-
          son)".

          If there is no buffer information waiting in the STDIN
          buffer, it will display "STDIN contains no data".

          If a trusted host fingers your site, a "<- Trusted" will
          appear.

          If a rejected host fingers your site, a "<- Rejected" will
          appear.

     Page 5                   cfingerd 1.4.2         (printed 5/24/22)

     CFINGERD(8)               (18 Dec 1998)               CFINGERD(8)

          If root is fingered on your site, it will display "Root".

          If a service listing was fingered on your site, it will dis-
          play "Service listing".

          If a user listing was requested, it will display "User list-
          ing".

          If a fake user was requested, it will display "Fake user".

          If "whois" data was requested, it will display "Whois
          request".  (Note, whois was not implemented in this release,
          since it wasn't 'RFC' compliant.)

          Any extra information pertaining to the incoming finger is
          displayed in the syslogging area.  (It's also recommended
          that you reconfigure syslog.conf(5) to display to an unused
          VT.  :)

     PLANS
          Any other options or improvements will probably come from
          user suggestions.  :)

          Later plans will make it so that you can define your own
          display formats for the finger display.  This means that you
          can re-define how you want your finger display to look.

     CONTACTING
          If you like the software, and you want to learn more about
          the software, or want to see a feature added to it that
          isn't already here, then please write to
          cfingerd@infodrom.north.de.  The project's webpage is at
          http://www.infodrom.north.de/cfingerd/ .

     SEE ALSO
          cfingerd.conf(5), cfingerd.text(5), finger(1), userlist(1),
          syslog.conf(5).

     Page 6                   cfingerd 1.4.2         (printed 5/24/22)