Running & Using A Finger Daemon

The finger application was written in the 1970s to allow users on a network to retrieve information about other users. Back before Twitter and other micro-blogging platforms, someone could use the finger command to retrieve public contact information, project notes, GPG keys, status reporting, etc. from a user on a local or remote machine.

Finger has mostly faded into obscurity due to many organizations viewing the availability of public contact information as a potential security hole. With great ease, attackers could learn a target’s full name, phone number, department, title, etc. Still, many embraced the reach that finger could provide. Notably, John Carmack of id Software maintained detailed notes outlining his work in game development.

These days, finger is usually found only on legacy systems or for novelty purposes due to much of its functionality being replaced with the more-usable HTTP.
 
Installing finger & fingerd

This guide assumes we are running a Debian-based operating system with a non-root, sudo user. To allow finger requests from other machines, make sure the server has port 79 open and available.

The first thing we will need to do is install the finger client, finger daemon, and inet daemon:

The inet daemon is necessary to provide network access to the finger daemon. inetd will listen for requests from clients on port 79 (designated for finger) and spawn a process to run the finger daemon as needed. The finger daemon itself cannot listen for these connections and must instead rely on inetd to act as the translator between the sockets and standard input/output.

To ensure that we have IPv6 compatibility (as well as maintain IPv4 compatibility), we will edit the inetd.conf configuration file:

sudo nano /etc/inetd.conf

Find the section that is labeled INFO, and comment out the line under it defining the finger service:

#finger    stream    tcp    nowait        nobody    /usr/sbin/tcpd    /usr/sbin/in.fingerd

Now below it we will add two lines that define the service for IPv4 and IPv6 explicitly:

finger    stream    tcp4    nowait        nobody    /usr/sbin/tcpd    /usr/sbin/in.fingerd
finger    stream    tcp6    nowait        nobody    /usr/sbin/tcpd    /usr/sbin/in.fingerd

Then we will restart inetd to run the changes:

sudo /etc/init.d/inetutils-inetd restart

Now we can use the finger command against our machine:

finger @locahost

 
User Configuration

Each user will have some user information displayed such as real name, login, home directory, shell, home phone, office phone, and office room. Many of these fields are probably not set for the current user account, but many of these can easily be updated with new information.

The chfn utility is built specifically to change information that is retrieved by the finger commands. We can run it interactively by invoking it:

chfn

If we run through this once, we may not be able to edit our full name or wipe out the contents of certain fields. Thankfully, chfn takes several flags to modify these fields individually (and with empty strings accepted!):

$ chfn -f "full name"
$ chfn -o "office room number"
$ chfn -p "office phone number"
$ chfn -h "home phone number"

Now that our information is set, we can start creating files that will be served by finger.

The first file will be the .plan file. This is typically used to store updates on projects, but can be used for pretty much anything such as schedules, favorite quotes, or additional contact information.

nano ~/.plan

Next, we can create a .project file. This file is traditionally used to describe a current project, but can house any content provided it displays on a single line.

nano ~/.project

Next, if we have a GPG key, it can also be included via the .gnupg file.

gpg --armor --output ~/.gnupg --export "my name"

Depending on our machine’s configuration, we can also set up mail forwarding which will be shown when our user account is queried via a .forward file.

echo my@other.email.com > ~/.forward

Now that all the files are created, we need to change the permissions on them to allow them to properly be read by finger. This command will allow others to read and execute our new files:

chmod o+rx ~/.plan ~/.project ~/.gnupg ~/.forward

Afterwards, anyone with finger should be able to query the account provided the host is reachable and the port is exposed:

$ finger famicoman@peer0
Login: famicoman                        Name: mike dank
Directory: /home/famicoman              Shell: /bin/bash
Office: #phillymesh, famicoman@gmail    Home Phone: @famicoman
On since Wed Mar  1 18:28 (UTC) on pts/0 from ijk.xyz
   5 seconds idle
No mail.
PGP key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFhQteQBEADOQdY/JyNsRBcqNlHJ3L7XeMWWqG+vlGYjF5sOsKkWDrgRrAhE
gJthGdPSYLIn5/kRst5PkDGjZHFq1k4VAaUlMslCbLgj0xMzUWmhGRKtFjrnQzFi
UVaW/GcW682b5wKkEbSpwRrLHJ19cwYiQHRA6dahiCkWkdh7MluHKTwU1kaUrs3E
3satrSAlOJHH2bg5mDuQPTov/q6hot2pfq8jseQuwVflssqOt4tx3o0tcwbKJwQs
8qU3cVkfg+gzzogM5iMmKAjhFt9Ta7E2kp+iR8gOkH7CK2tu+WIpdpSYuIOe2nEa
AdYSGJRmIZxqwGPwZu893OiYTiLF2dGEWj4cSmZFJ9BYxw9b7dMePDs3l9T1DyJN
FF6JyqtiTpSOfw4+9oNL/+8kmRFMtQBGDH5Dqn4Bg+EYUUGWh3BQb1UGRGNRbls1
SYw4unPsMAaGd0tqafyEOE7kHcQwGMWyI4eFi0bkBRTCvjyqTqTImdr4+xRKn4rW
vS+O+gSSWnrKW67TF0vFuPKV4w4sdPhldcYZjiPNI1m6nmnih4756LW+W5fCKMyN
RN4yPmaF6awEM3fPf3BWhxDmsBvYLqLlE9b6DQ6DmIsC6x5S/jBFr/W0cgZKuMBR
wIHGIpCTgkVsvjTxTeDnZQzEuaZFOpHrYBYG0+JccE5ZZ2/aEupB1tLWzwARAQAB
tCtNaWtlIERhbmsgKEZhbWljb21hbikgPGZhbWljb21hbkBnbWFpbC5jb20+iQI+
BBMBAgAoBQJYULXkAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRAWGa5NfPKo9xBPEADGK7ol4nU1cDpYc6XPYb4w4s8G/9Ht3UGZvy4ClB7TvntR
HuixWISQyElK4pDntrpXfLmDgqNQqUtjev6w0uEEc7MQW0WBYPlJ9rmVuDJtPjOP
hr9wUnwrd6KypHGw1Y6qukf/w8gCDZyZ8BVOm3r6XT6VlpuVVBP16ax6Mh7sTf4i
/D8D1JH89zApfplqiiA+OAvunbm19jrczby5ILhevbwfpP+ob7FqevCQi/ppGncg
s2LZceIYPh09OzakBiZkIwzMsuWHYxrenUmg8kuVaVyaGXdCc+KZr7c4oGioLxOL
8p8PunjL+i/uGtvZ3tQEvHjB9r1Ghu1t5MUQC4xTvgLnvLOQA0gmknwRQ6nSWrQf
yDJPnaJcBKlfnCR7eKtotsTobUCWDMC9sEvLjLYMgxtEbu46/J57oDQ1LniejI9X
rTUN8cnRLpOQUy0eTBTtUWYqdqO9fAjvMIsnWR4IcMlTJazghygQ+zENvGlEfey2
NL4nC2Yus3EAeCEJC52vccSsf3b7HT/4GemNOVjh72kZ1FM6HL+UNaU7JLppNQk6
mFKC3/wIKxKBjm/vR21Efl+f2iwUAiLjrugaY6g4BXPX3p6iCHftEW7gA6s4UC0A
1HYScq9Duxv+AQpe/mfVA2SBrD3OLTknW2Z5EZSTHqyzRQtHviXTRkdtQscF7rkC
DQRYULXkARAAugwI5dpLpIYI4KZcHsEwyYqUL35ByGCuqklYGOSMkkX0/WFH2ugv
Vs8fqgrn/koXjKBPpxdElfTAGbD2MSTvAUzwMgvMaLZUxY2Qh1RipkNXvSAO+W6W
nJKyBvasboK8l61yta/RrPvUr+equxtBawD3ja9DPzfTYuVCewR6ztcdvqAho5D1
Ds5HxO6aLPsMW8Fj8kf+Ae5eypuNBAN0ivpkDfQyaungh2EjrVpJzWJ8ZqYah/cK
1R55rPhq/JtjcO8g2nnsi+L5EuMma9+50lVPHlHjO9Y0xaQMq2/rLJcDu8UbymX7
LSoxzixiLYtig3GAB+1XkIqMwaEkFF1zTlAZ7drAfhH1AJ0L7SQBur5J1EM3iRYO
XmelyxJPwKgL4K6U4NnnrVpf71GyBktXyuEiOWDFjINs2OzwL4z/l1oWuJuFW/vO
C/yM5Ed7yzLXm0exAnW8Y0u1hwbhRy31zIYbLeB+PuiAqrnvSr1xhAWalBM3dqF+
VIsuKlcoFOmX74/OCEFQ/cqrrkhQ/PrkZqQZCyjyUhkuIqasMZGhLakAIO226E1r
IsUX0jMliJ/A89ZyDmoZyyvRjyydCkOS5HXahFLCufPC8FgcAL6VcpVF2sHBmWcj
vOlfr7OXHzKvKVNy8qymzyfRCPHoYQvxW9UAhru/iIqKOTIDo3OwJ9EAEQEAAYkC
JQQYAQIADwUCWFC15AIbDAUJCWYBgAAKCRAWGa5NfPKo91+XD/0a+gcsXpKo2gy+
oQC/osyJhesx2CGzZqmSB3fpyq9D+jnsCzt/Bh/EtR+2sUWxokIVc5dLzyr0icNl
c0iJBO6It662Q9FnNemiGgv2PLYbjjDC/CP82QWoWrSzPpDKu0DgrF6+MPQgRleT
Z8g0+nLHYMgCTAPfwaaYHLvLLaOt0Ju7L2kt9TSKn2aU2NJReVC5mm3Jxg6Bz3Ae
iQ6iigKI7R/huVDVzBuJQNiToRQswbb/PidYdwyiI3GJC6m+q8HEWAl+cGahqUVg
IIDlmj6SeIsP0r+SGygX0PRWyW/NmQPWamG5e4TDL0pZpu1CzGqfN/A2KLXVO6ss
X2l2HWadBQgd0goFNX7PK210I5B8SfiJM5+cLgChcT9g3mKil8XUkKTSE+c0Q9e5
1AkUrUS69KZeqqtJOB350YP9ZGY7TbOXjXp0Y0/fo3/X+0sZzmP8jIyozLAecM0e
fPrIeA2mego6nWaSRp5FH8KlvHpUvFcKNV+SVSbrbzmSVSpgKmQRp2kd+tyDOPrt
2tXIoWMYdVtlluSYqR2lPv7WFyxCPX8DmxK6fYeVoqBf+7g4GZPdcSviDBlJEJfc
HAZZKsSZzgMugwqLidQ+W53eIDyIOVw0tvcHDJ1S5mpWqvROf7gfNXXFvLjECACN
wnqdjeFGPLlP5Q6tVPvp8j7prVlvZQ==
=xm3N
-----END PGP PUBLIC KEY BLOCK-----
Project:
Philly Mesh - http://mesh.philly2600.net - #phillymesh:tomesh.net
Plan:
%=============================================%
==2017-01-26===================================
%=============================================%
+ Installed fingerd

* Configuring SILC network
* Documentation for fingerd and silcd

By default, finger can display login and contact information for all accounts on a machine. Luckily, accounts can be individually configured so that finger will ignore their existence if there is a .nofinger file in their home directories:

sudo touch /home/someotheraccount/.nofinger && chmod o+rx /home/someotheraccount/.nofinger

 
Conclusion

You should now have finger and fingerd installed and configured on your server for each user to make use of. Keep in mind that the information you enter here will be public (provided the server is) and people around the world may be able to gleam you contact information or even last login time via the finger command.
 
Sources

 

Famicoman

Developer, Hacker, Tinkerer, Archivist, Retro Technologist.

 

Leave a Reply

Your email address will not be published. Required fields are marked *