Using finger and chfn






In the Unix environment, you can use a tool called finger to list user information. Although it is a dangerous command to leave unsecured, it is helpful to some degree. Finger is usually disabled because, if left open and unmanaged, it can be exploited. For this reason, we will not spend too much time on finger; you may not even be able to use it on your system. If you can, you will find that when no other way to list information is available (such as an email or messaging application), finger does the job quite nicely.

How does finger work? Put simply, information about each user's physical address is stored as part of the user's system password file when populating the finger database; this means that it is possible to retrieve information about each user from the finger database. It's that easy. If you run finger on your own system (by typing finger and pressing Enter), you should see a summary detailing your login, name, login time, and where you are logged in from.

If you use finger on your own system and do not get the information you desire, you only need to populate the appropriate fields, thus completing the information. Remember, though, this information can be publicly accessed. In order to change the information, you'll need to use chfn, which is discussed later in the lesson.

Using the finger command is simple. Just enter finger <username> to get information about a user who is local to your system. To get information about someone on a remote system, try entering the following: finger <username>@<remote host>. Depending on the type of remote host and how the remote host is configured, this command might or might not work.

Let's look at the following example:

>finger

Login:  Name:           Idle:  Login Time:  Where:
rob     Rob Shimonski   -      Fri 18:23    Console

This is the finger information returned about my personal account. As you can see, there isn't much here other than my login name, my user account name (full name here), my status, the time I logged in, and the location from where I logged in. This is all that is returned because I have not yet set any other personal information. In the next section, we will learn to use the chfn command to add more information to an account. You will only be able to add this information if you are working in a lab environment or have permission to do so (that is, if your system even continues to use finger in the first place).

Finger Is Normally Disabled

As previously mentioned, finger is usually disabled on most Unix systems. Most system administrators who audit their Unix systems for security holes consider this particular protocol to be exploitable, so they often disable it.


Using chfn

The chfn command runs an interactive process that enables you to set more personal information into your account. That way, when you run finger, you can get more detail. Run chfn on a command line without any options, as follows:

>chfn

Changing finger information for rob.
Password: *****
Enter the new value, or press ENTER for the default
Full Name: Robert Shimonski
Room Number: 13
Work Phone: (212)123-4567
Home Phone: (212)234-5678
Other: 0
Finger information changed.

Once you see "Finger information changed," you can run finger again and view the changes that you made. Again, although this command is helpful, it's not often used in light of today's messaging applications and portable databases that can be accessed using mobile phones, pocket PCs, and so on.

Disable finger

Many Unix and Linux distributions install default services that are little used and have a poor security history. As security becomes more of an issue, you may find yourself sitting at one of the most locked-down systems you have ever seen. Why? For one, the protocol based around the finger utility is as insecure as someone standing over your shoulder trying to capture your credentials as you type them.

In addition, finger uses clear text (not encrypted text) by default and has notoriously been a target of hackers. Because finger is a program that displays information about a particular user or all users logged on to a system, it makes sense that it would be a target for any hacker or attacker. Unless disabled, finger will continue to be a source of good information for these individuals.
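
An added example (not from the original text): a small shell audit of what finger can disclose for each account. It assumes the common passwd layout in which the fifth field holds the chfn values as Full Name,Room Number,Work Phone,Home Phone,Other; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: report what finger could disclose for each account.
# Assumption: field 5 of a passwd-format file (GECOS) holds
# "Full Name,Room Number,Work Phone,Home Phone,Other" as set through chfn.

# gecos_audit FILE: print "login: key=value ..." for every account whose
# GECOS entry carries more than a full name.
gecos_audit() {
    awk -F: '
        /^#/ || NF < 5 { next }      # skip comments, blank and short lines
        {
            n = split($5, g, ",")    # split the GECOS field into subfields
            out = ""
            if (n >= 2 && g[2] != "") out = out " room=" g[2]
            if (n >= 3 && g[3] != "") out = out " work_phone=" g[3]
            if (n >= 4 && g[4] != "") out = out " home_phone=" g[4]
            if (n >= 5 && g[5] != "") out = out " other=" g[5]
            if (out != "") print $1 ":" out
        }' "$1"
}

# gecos_exposed_count FILE: number of accounts flagged by gecos_audit.
gecos_exposed_count() {
    gecos_audit "$1" | wc -l | tr -d ' '
}

# Constructed sample data (not from a real system). The "rob" entry mirrors
# the values entered in the chfn session shown earlier in this lesson.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/sh
rob:x:1000:1000:Robert Shimonski,13,(212)123-4567,(212)234-5678,0:/home/rob:/bin/sh
amy:x:1001:1001:Amy Example,,,:/home/amy:/bin/sh
svc:x:1002:1002::/var/empty:/bin/false
EOF

gecos_audit "$sample"
echo "accounts exposing more than a name: $(gecos_exposed_count "$sample")"
```

On a real system, point gecos_audit at a copy of the password file to see which accounts would hand out room and phone details if finger were left enabled.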


So now that you know how to change your shell and alter your password and personal information, let's turn our attention to monitoring your Unix system. In the next section, we will cover a few commands that can help you manage Unix. They are date, uptime, and who.

