Man Linux: Main Page and Category List

NAME

       cfingerd.conf - configurable finger daemon configuration file.

SYNOPSIS

       /etc/cfingerd.conf

DESCRIPTION

       cfingerd.conf  is  the  configuration  file for cfingerd.  cfingerd has
       been totally rewritten to support a more readable  configuration  file.
       This  version  of the new configuration file is NOT compatible with the
       older versions from 1.0.3 or below.

       The configuration file is split into sections of three  general  types:
       FILES, CONFIG, and HOSTS.

       Each  one  of  those  sections is split into subsections, which will be
       explained next.

       Subtext of each option is either boolean options,  string  options,  or
       switchable options, all changeable by the system administrator.

       Each  section  is split into a series of sections that resembles C type
       definition; not exact, but close enough to be  familiar  with  it.   :)
       There’s  only one exception - these are not case sensitive.  Any casing
       will do, as long as the option is legal.

       Thus, each section is formatted like this:

            OPTION section_name = {
              (tab/space) string_option = "string_format",
              (tab/space) +/-boolean_pair_option = [BOOL, BOOL],
              (tab/space) +/-internal_config_option
              (tab/space) host.name.here
            }

       This illustrates that string options are  strings  put  into  "quotes",
       boolean  options  are  given  as TRUE and FALSE, switchable options are
       given with the + or - directive, and hostnames are used as  substrings,
       so that wildcards are not necessary.

       A  few  sections simply contain a block of text to be used as the value
       of a single option, which one is indicated by the section name  itself.

       You  may add comments using the hash mark ‘‘#’’ at the beginning of the
       line.  Please note that no comments are allowed inside of a section.

DISPLAY FILES SECTION (FILES display_files)

       Each option here is a string option.  The first 6 options are  relative
       to  the home directory of whatever user was fingered, the remaining are
       absolute and should start with a "/".

       PLAN is the optional plan file which contains the text displayed as the
       users plan.  The default is .plan.

       PROJECT  is  the  optional  project file that is used when displaying a
       project description.  The standard here is .project.

       PGP_KEY is the optional "Pretty-Good-Privacy" file that is  shown  when
       displaying a public or private key.  The standard here is .pgpkey.

       XFACE  is  the  optional  file  that  shows  the user’s face.  (This is
       commonly used in E-Mail messages.)  The standard here is .xface.

       NO_FINGER is the optional file that is shown  when  a  user  wishes  to
       remain  anonymous.   This  is  usually  the case with root users (which
       should be standard, anyway).  In order  to  hide  the  user  this  file
       should  be  an  exact copy of the nouser_banner.txt file.  The standard
       here is .nofinger.  This file can only be a standard displayable  file.
       This  option will also hide the user from a "search.pattern" query.  If
       any user can read this file it will  also  be  honored  by  a  userlist
       (@host)  query.   This  is  done by a non-priviliged program so the uid
       can’t be changed.

       USERLOG is the optional file in which all attempts to finger a user are
       logged  for  the  users own reference.  If ALLOW_USERLOG is not enabled
       this        file        is        completely        ignored.         If
       ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS  is  enabled  cfingerd  will  only
       document finger requests if this file already exists in the users  home
       directory.  The default name is .fingerlog.

       MAILBOX is the file that is checked to see where the user’s mailbox is.
       If you  are  using  a  regular  Unix  mail  transport  agent  (such  as
       sendmail(1),  smail(1)  or  exim(1)),youwoulduse  /usr/spool/mail/$USER
       here.   If  you  are  using  something  like  qmail,  you   would   use
       $HOME/Mailbox.  The path must be given as well as the filename to check
       for.  $USER will expand to the proper username.  $HOME will  expand  to
       the  proper  home  directory  for  that  very  user.  If MAILBOX is set
       to‘‘QMAIL’’ cfingerd assumes that Qmail is used on the local system and
       therefore will read ~/.qmail files instead of common mailbox files.

       LOGFILE  is  the  file  that  is  used  to keep logs of everything that
       happens to your finger program.  These logs are  kept  as  backups  for
       your finger file, and can be used to guard against attacks against your
       system if a finger attack occurs.  By  keeping  cfingerd.conf  readable
       only by root the logfile should be kept in a safe, hidden place.

       HEADER_DISPLAY  is the file that is displayed at the top of each finger
       reply.  The standard here is /etc/cfingerd/top_finger.txt.

       FOOTER_DISPLAY is the file that is displayed at the end of each  finger
       reply.  The standard here is /etc/cfingerd/bottom_finger.txt.

       NO_USER_BANNER is the file that is displayed if the user doesn’t exist.
       The standard here is /etc/cfingerd/nouser_banner.txt.

       NO_NAME_BANNER is the file that is displayed if no name  was  specified
       in  a  finger  request  if  a  system  listing  is  not  allowed by the
       SYSTEM_LIST  option  (explained   later).    The   standard   here   is
       /etc/cfingerd/noname_banner.txt.

       REJECTED_BANNER  is the file that is displayed if a rejected host tries
       to  finger  your  system  for  any  reason.   The  standard   here   is
       /etc/cfingerd/rejected_banner.txt.

FINGER DISPLAY CONFIGURE SECTION (CONFIG finger_display)

       Each  option  in  this  section  is  boolean.  The way this works is as
       follows:  The first boolean option is the setting for a remote host, or
       a host that fingers you from the outside.  The second boolean option is
       the setting for the local host, or trusted host.  This is  what  people
       from your own system will see.

       TRUE  means  that  this  item is included in the cfingerd reply.  FALSE
       means it is omitted.   Unless  otherwise  specified  these  items  only
       appear if an existing user is fingered.

       Each  option  has  a  "-"  or "+" option.  This is for user-overridable
       options, which will be in the next release  of  cfingerd.   These  will
       allow  each  user  to  manipulate if this information is displayed when
       that specific user is fingered.

       HEADER_FILE displays the header file at the beginning  of  each  finger
       reply.

       FOOTER_FILE displays the footer file at the end of each finger reply.

       LOGIN_ID displays the login ID of that particular user.

       REAL_NAME displays the real name of that particular user.

       DIRECTORY displays the user’s directory.

       SHELL displays the user’s shell.

       ROOM_NUMBER displays the user’s room number.

       WORK_NUMBER displays the user’s work phone number.

       HOME_NUMBER displays the user’s home phone number.

       OTHER displays the user’s other information.

       LAST_TIME_ON  displays  the  last  time  the  user  has logged into the
       fingered system.

       IF_ONLINE displays whether or not the user is currently logged into the
       fingered system.

       TIME_MAIL_READ  displays  the last time that the fingered user has read
       mail.

       DAY_MAIL_READ displays the last day that the fingered user read his/her
       mail.

       ORIGINATION  displays  the  site  from  which  the  user  logged in (if
       applicable.)

       PLAN displays the user’s plan file.

       PROJECT displays the user’s project file.

       PGP displays the user’s Pretty-Good-Privacy key file.

       XFACE displays the user’s XFACE file.

       NO_NAME_BANNER displays the banner if no username was given.

       REJECTED_BANNER displays the rejected banner file if the site fingering
       your system was in the banned-site listing.

       SYSTEM_LIST displays the system list if one was requested.

       NO_NAME displays the NO_USER_BANNER file if no user was selected.

INTERNAL CONFIG SECTION (CONFIG internal_config)

       Each  item  in  this section is a switchable option.  This means that a
       "+" before the item enables it while a "-" before  the  item  turns  it
       off.

       ALLOW_MULTIPLE_FINGER_DISPLAY  tells  cfingerd to add the system finger
       information from the hosts listed in the system_list_sites  instead  of
       only  the  localhost.   This  is useful when you have more than one ISP
       machine, located in different cities, or even states.

       ALLOW_SEARCHABLE_FINGER allows you to let others outside of your system
       (or  within  it)  to  search  for  a  specific  username  by  using the
       "search.pattern" directive.

       ALLOW_NO_IP_MATCH_FINGER allows you to let sites finger your system  if
       a hostname could not be matched to their IP address successfully.

       ALLOW_USER_OVERRIDE  will allow your users to override specific options
       in the FINGER DISPLAY  section  that  you  enable.   This  is  not  yet
       implemented.

       ALLOW_USERLIST_ONLY  will  allow other sites to get a shortened form of
       the  "finger  @hostname"  response   by   issuing   "finger   userlist-
       only@hostname".   The  shortened form does not merge in other computers
       even if ALLOW_MULTIPLE_FINGER_DISPLAY is enabled, and omits  the  usual
       headers and footers.  This listing is only available if the remote user
       is allowed to query for a regular system list, so SYSTEM_LIST from  the
       finger_display section needs to be enabled, too.

       ALLOW_FINGER_FORWARDING  will  allow  other  sites  to  forward  finger
       requests to a different machine if the user could not be located on the
       current machine.  (In order to use this option, you MUST have the HOSTS
       finger_forward option set, and have other sites in there.)

       ALLOW_STRICT_FORMATTING makes the finger  display  remove  all  returns
       between  display  options.  This makes the finger display look horrible
       (as with GNU Finger or the other generic fingers) and makes your system
       look, well, "generic".  :)

       ALLOW_VERBOSE_TIMESTAMPING  makes  the  timestamp that is displayed (at
       any place) very verbose.  For instance, where it used to say:

       On since Sat Aug 12 03:43PM (PDT)

       would now be shown as:

       On since Sat Aug 12, 1995 03:43PM (PDT)

       (Basically, ALLOW_VERBOSE_TIMESTAMPING just takes up more room  on  the
       display field.)

       ALLOW_NONIDENT_ACCESS  lets cfingerd also accept connections from sites
       that don’t run the IDENT daemon (or RFC1413-compliant  program.)   This
       is  for  security  sake,  and  is  a good measure against unknown users
       trying to finger your system.  If this option is enabled, users that do
       not  have  identd  running  on their system (ala Windows users) will be
       able to finger your system.  Systems NOT  running  identd  will  return
       "unknown"  as the user ID, and will thusly not be permitted to finger a
       user on your system.

       ALLOW_FINGER_LOGGING enables cfingerd to use the LOGFILE file to  store
       any logs of activity that happen to your system via finger.

       ALLOW_LINE_PARSING makes cfingerd parse each line of every display file
       (including the plan, project, and pgp files) for any  cfingerd-specific
       "$" commands.  If any are found, cfingerd will parse these commands and
       display correct information accordingly.  Otherwise, if this is  turned
       off, the display will appear without parsed commands.

       ALLOW_EXECUTION  will  allow users to execute scripts in place of their
       .plan, .project, and .pgp files.  This is used to display the  standard
       output  of another program directly to the screen of the user.  Keep in
       mind that this is a HUGE security risk, should you choose  to  use  it.
       It’s normally suggested that this remain off, but you can turn it on if
       necessary. Nevertheless these programs are called as nobody.nogroup  as
       effective  user  (while  the real user will still be root, but a called
       program won’t be able to change this back).

       ALLOW_FAKEUSER_FINGER turns on or off the fake user option in cfingerd.
       If you want fake users to be defined, and available to be fingered, you
       will want to enable this option.  This can be a security risk  in  some
       instances if you allow for searchable fingers, and your script calls an
       execute routine on that variable...  But  chances  are,  that’ll  never
       happen.

       ALLOW_USERLOG  will allow users to keep track of who has fingered them,
       and at what time.  The default name of this user logfile is .fingerlog.

       ALLOW_CONFESSION  enables  two  fakeusers  "help"  and  "version"  that
       provide information about the system running.  Some people  don’t  like
       that so you can turn it off.  When fingered the requestor will only see
       the NO_USER_BANNER so he can’t guess that the fakeuser is supported.

       ONLY_SHOW_HEADERS_IF_FILE_EXISTS will  only  show  the  header  of  the
       .plan,  .project, etc. files if they exist.  If the file doesn’t exist,
       the header will not be shown.  This saves space on the final output  of
       the finger data.

       ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS will only create a .fingerlog file
       in  the  fingered  user’s  home  directory  if  one  exists   (and   is
       read/writable by the user.)  This is to cut down on hard drive space if
       they don’t want a .fingerlog file.

SYSTEM LIST SITES SECTION (CONFIG system_list_sites)

       This is just a series  of  hostnames  that  you  want  to  finger  when
       displaying  a  userlist  query  (finger @localhost) .  If you have more
       than one system that you want to show, simply put  their  hostnames  in
       this list, separated on a line by itself.

       A  good  example  of the way this works is this: If you have a separate
       ISP system that you are running on the side, say "chatlink.com", then I
       would change my configuration to say:

           CONFIG system_list_sites = {
                   chatlink.com,
                   localhost
           }

       Remember, if you are listing only a couple of sites, list the sites you
       will want to have listed (in order) first.  These sites are required to
       run cfingerd as well and they must not be offline while fingering.  The
       ending entry MUST be the localhost, or  the  finger  listing  will  not
       include your site.  If you include localhost anywhere else in the list,
       it will stop once it has reached the localhost entry,  so  remember  to
       list it last!

       For  the  simple  fact  that  I  want to get a user listing from my own
       machine, and from chatlink.com’s system.  This would  be  automatically
       formatted  nicely  (ie.  sorted  and  parsed)  and would display on the
       screen in sorted order.  This program is usually used  in  tandem  with
       the supplied userlist(1) program.

       If  no  system list sites are specified, multiple system sites will not
       be specified.

TRUSTED HOST SECTION (HOSTS trusted)

       This is a listing of the sites that you allow  to  finger  your  system
       exclusively,  giving  them  the same access that your local users would
       get.  In other words, they are treated as "localhost" users.

       Each site that you list in this section should be  separated  by  using
       the "," character.  You can include up to 80 sites in this listing.

       Wildcards  are  supported  in this section, and you may use them in the
       regex format as well.  Any wildcards with "*", "?", or any other  regex
       wildcard  matching  character  will work.  IP addresses will also work.
       Hostnames are compared case insensitive.

REJECTED HOST SECTION (HOSTS rejected)

       This is a listing of the sites that you do not  allow  to  finger  your
       system.   These  sites don’t get to finger anyone (or anything for that
       matter) on your system, regardless of what they try to do.  In essence,
       finger is cut off to those particular systems.

       Each  site  that  you list in this section should be separated by using
       the "," character.  You can include up to 80 sites in this listing.

       Wildcards are supported in this section, and you may use  them  in  the
       regex  format as well.  Any wildcards with "*", "?", or any other regex
       wildcard matching character will work.  IP addresses  will  also  work.
       Hostnames are compared case insensitive.

FORWARDED HOST SECTION (HOSTS finger_forward)

       This  is  a listing of sites that are used to forward a finger query to
       when a finger request was processed, but that particular user  was  not
       found on the associated system.  It will step through this listing, and
       it will search for the user in question.  If  the  user  could  not  be
       found,  then it will step through to the next host, and the next, until
       it finds one.

       Each site that you list in this section should be  separated  by  using
       the "," character.  You can include up to 80 sites in this listing.

       Wildcards  are  supported  in this section, and you may use them in the
       regex format as well.  Any wildcards with "*", "?", or any other  regex
       wildcard  matching  character  will  work.  Hostnames are compared case
       insensitive.

       If you do not specify any forwarding  sites  in  this  section,  finger
       forwarding will be disabled for your system.

FINGER STRINGS SECTION (CONFIG finger_strings)

       Each option in this section is a string that can be changed to fit your
       needs when displaying finger information.  These strings are limited to
       about  20  characters  on  the  display.  (If you use more than 20, the
       finger display will end up looking strange.)

       USER_NAME is the string that is displayed when the user’s  username  is
       shown.

       REAL_NAME  is the string that is displayed when the user’s real name is
       shown.

       DIRECTORY is the string that is displayed when the user’s directory  is
       shown.

       SHELL is the string that is displayed when the user’s shell is shown.

       ROOM_NUMBER is the string that is displayed when the user’s room number
       is shown.

       WORK_NUMBER is the string that is displayed when the user’s work  phone
       number is shown.

       HOME_NUMBER  is the string that is displayed when the user’s home phone
       number is shown.

       OTHER is the string that is displayed when  the  user’s  other  display
       information is show.

       PLAN is the string that is displayed when the user’s plan is shown.

       PROJECT  is  the  string  that  is displayed when the user’s project is
       shown.

       PGPKEY is the string that is displayed  when  the  user’s  PGP  Key  is
       shown.

       XFACE  is  the  string  that is displayed when the user’s XFACE file is
       shown.

       NO_PLAN is the string that is displayed if the user doesn’t have a plan
       file to show you and ONLY_SHOW_HEADERS_IF_FILE_EXISTS is not enabled.

       NO_PROJECT  is  the string that is displayed if the user doesn’t have a
       project file to show you and  ONLY_SHOW_HEADERS_IF_FILE_EXISTS  is  not
       enabled.

       NO_PGP  is  the string that is displayed if the user doesn’t have a PGP
       Key file  to  show  you  and  ONLY_SHOW_HEADERS_IF_FILE_EXISTS  is  not
       enabled.

       NO_XFACE  is  the  string that is displayed if the user doesn’t have an
       xface file to show  you  and  ONLY_SHOW_HEADERS_IF_FILE_EXISTS  is  not
       enabled.

       WAIT  is  the  string that is shown when the system gathers information
       from other sites for a user listing.

INTERNAL STRINGS SECTION (CONFIG internal_strings)

       These strings are changeable, and can be any length  you  want  (within
       reason).   These  strings are concattenated into the syslogging display
       when the  appropriate  finger  has  been  issued.   This  section  also
       includes error messages that may occur.

       NO_IP_HOST is shown when there is no hostname that matches the incoming
       IP address.   This  usually  indicates  that  either  the  site  didn’t
       register  their IP address with the InterNIC, or they are coming from a
       hacked site.

       RENICE_FATAL is shown when the system failed to  change  the  execution
       priority on the current process of cfingerd.

       STDIN_EMPTY  is  shown  when  the  input buffer on the CFINGERD port is
       empty.  (This should never really happen; it’s here for sanity.)

       TRUSTED_HOST is shown when a trusted host fingers your system.  If  you
       do  not  specify  a trusted host, cfingerd will insert "localhost" into
       this field.

       REJECTED_HOST is shown when a rejected host fingers  your  system.   If
       you do not specify a rejected host, cfingerd will insert "0.0.0.0" into
       this field.

       ROOT_FINGER is shown when a user fingers root.

       SERVICE_FINGER is shown when a user requests fake  user  services  from
       your system.

       USER_LIST is shown when a user requests a system user listing from your
       system.

       FAKE_USER is shown when a user fingers a fake user from your system.

       WHOIS_USER is shown when a user fingers a user with  a  "WHOIS"  query.
       (This option is not yet available at the time of this writing.)

       FINGER_DENY is shown when a user tries to finger with a forward request
       like user@host1@host2. This is not supported  as  it  could  result  in
       finger loops and lots of traffic.

SIGNAL STRINGS CONFIGURE SECTION (CONFIG signal_strings)

       This section is used in changing the output that is given when a system
       crashes, or a signal is caught, and reported to the finger output.

       The supported caught signals are as follows:

       SIGHUP, SIGINT, SIGQUIT, SIGILL,  SIGTRAP,  SIGABRT,  SIGFPE,  SIGUSR1,
       SIGSEGV, SIGUSR2, SIGPIPE, SIGALRM, SIGTERM, SIGCONT, SIGTSTP, SIGTTIN,
       SIGTTOU, SIGIO, SIGXCPU, SIGXFSZ, SIGVTALRM, SIGPROF, SIGWINCH

FINGER PROGRAMS FILES SECTION (FILES finger_programs)

       These are the programs that are called when a specific action  is  take
       on the finger display.

       FINGER is the file that is used when a system user listing is requested
       from your machine.  This is used in the standard user list and  in  the
       sorted  user  list,  so it is wise to use the standard here; this being
       /usr/sbin/userlist.

       WHOIS is the program that is used when a "whois" request is done  on  a
       specific user.  This is currently not used.

FINGER FAKEUSERS FILES SECTION (FILES finger_fakeusers)

       These  are  the  ever-popular  fake  users  that you can create on your
       system.  These users are ones that don’t exist  (and  should  not,  for
       that  matter.)   These are, instead, treated as normal scripts that can
       be called for your use.

       The format is as follows for fake users:
           "fake_username", "Script name", SEARCHBOOL, "script"
       where...

       fake_username is the name of the fake user you want to  request.   Make
       sure  that  this is a user that DOES NOT exist on your system.  Keep in
       mind that if you create a fake username, and that user already  exists,
       the  fake  username  will  be  shown.  If  you  prepend  ’-’ before the
       username, the fake user will not be shown on the list of services.

       Script name is the standard name of your script.  This is used  in  the
       display of your services listing.

       SEARCHBOOL  specifies  whether  or  not  parameters can be sent to that
       specific fake user.  If you decide to use the  SEARCHBOOL  option  (ie.
       TRUE in this case), the passed variables are:

         $1 - First passed option,
         $2 - Second passed option,
         $3 - Third passed option, and
         $4 - Fourth passed option.

       (If  more  than  four  options were passed to this, the request will be
       ignored, and an error  message  will  be  returned  to  the  user  that
       requested the finger request.)

       script  is  the  location  of  your script.  It should be chmod 700 and
       readable only by root.

       If you do not specify any fake users, a fake user called "None" will be
       created.   This is a fake user that does nothing, and calls "/dev/null"
       for the script.

SERVICES HEADER CONFIGURE SECTION (CONFIG services_header)

       This is the display that is given during a services finger.  It  should
       be formatted the same way that you want it to display on the screen.

       When  specifying  the finger formatted options, you should specify them
       as C formatted strings as well, with the standard options.  This should
       always be given last in the display.

       An example of this would be:

                 Welcome to this system’s services!

               User:     Service name:     Searchable:
             -------- -------------------- -----------
             %-8s %-20s %-s

       Where this would display the above string.  Remember to keep the format
       string last, or a SIGSEGV will result.

SERVICES POSITIONS CONFIGURE SECTION (CONFIG services_positions)

       This specifies where in the above display string that  the  information
       from a service listing is to go.  These numbers can be anywhere between
       1 and 3.

       USER specifies the position of the username listing.

       SERVICE specifies the position of the service full-name listing.

       SEARCH specifies the position of the boolean search display.

CONTACTING

       If you like the  software,  and  you  want  to  learn  more  about  the
       software, or want to see a feature added to it that isn’t already here,
       then please write to cfingerd@infodrom.north.de.  The project’s webpage
       is at http://www.infodrom.north.de/cfingerd/ .

       As  always,  I appreciate any suggestions, or bug reports you may have,
       so if you have suggestions or bug reports, BRING ’EM ON!  :)

SEE ALSO

       cfingerd(8),  cfingerd.text(5),   userlist(1),   finger(1),   regex(3),
       regexp(3).