9

Within our corporate network, when I run finger (no arguments) from a client machine, I am presented a list of users with names and the like. But when I run finger @localhost I get "Connection refused". So where does finger connect to by default?

Paul
  • 193
  • 7

1 Answers1

13

According to strace finger, on my system it gets the list of current users from

open("/var/run/utmp", O_RDONLY|O_CLOEXEC) = 4

and details about each one by stating the pty

stat("/dev//pts/0", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0

when run without arguments. When you run it with @localhost, it tries to use the fingerd daemon, and since it's not 1993 any more, that's not running - hence the connection refused.

Edit when run with an argument which is a user, rather than @remote-system, it gets the information from the GECOS field in /etc/passwd and the home directory (for files like ~/.plan). It doesn't have privilege, so users will need home directories and plan files you can read in order to display e.g. the plan file. Here (also from strace) you see it both trying, and failing, to open some of these files in another user's directory, which is mode 750 (and I'm not in her group):

lstat("/home/cby/.pgpkey", 0x7fff52fcec60) = -1 EACCES (Permission denied)
lstat("/home/cby/.project", 0x7fff52fcec60) = -1 EACCES (Permission denied)
lstat("/home/cby/.plan", 0x7fff52fcec60) = -1 EACCES (Permission denied)
MadHatter
  • 78,442
  • 20
  • 178
  • 229
  • I didn't even know that you can use this as alternative to `who`, I've only ever used it in conjunction with `fingerd` and therefore, both `finger` and `fingerd` aren't even installed on my systems anymore. – Sven Oct 15 '15 at 09:42
  • 1
    Thanks for changing 1988 to 1993, makes me feel less old ;-) But what I don't understand then is, if it does not connect, where does it get data about people not logged in (`finger offlineusername`)? Though I didn't ask that in my post. Should I edit the question or post a new one? – Paul Oct 15 '15 at 09:53
  • @Sven no worries, I guessed it was so! I put it *back* on all the systems I admin, because I find the output much more human-friendly than `who`'s. But I don't run (or install) `fingerd`; that would be weird. – MadHatter Oct 15 '15 at 09:54
  • @Paul no worries - I felt '93 was a bit more honest, since that's about when I stopped running `fingerd` on internet-connected systems. I've updated my answer in line with your supplementary question; I think a comment is OK for such a small additional point, rather than opening a whole new question. By the way, I notice you're new to SF (welcome!); please take a moment to take our [help tour](http://serverfault.com/tour), if you haven't already, and learn about accepting answers to questions (amongst other things). – MadHatter Oct 15 '15 at 10:01
  • oops, fixed now. – Paul Oct 15 '15 at 10:05
  • @MadHatter: I love this small nuggets of knowledge - just tested it and I've now added `finger` to my puppet package list :) – Sven Oct 15 '15 at 10:38
  • @Sven I gave a mod a "*nugget of knowledge*" - seriously, that's made my day! – MadHatter Oct 15 '15 at 11:12
  • @MadHatter: :-) – Sven Oct 15 '15 at 11:22
  • "ignore Sven's apparent incredulity, above" There is nothing from Sven above your answer. What are you referring to? – user Oct 15 '15 at 11:52
  • @MichaelKjörling he made a comment on the original question that he has since deleted; don't sweat it! (I've edited my answer to be less confusing, in the light of that deletion.) – MadHatter Oct 15 '15 at 11:53
  • @MadHatter Yeah, I figured it was something like that, but it just really didn't make any sense to me. Thanks for cleaning it up! – user Oct 15 '15 at 11:55
  • I miss being able to reach out and touch someone. – Michael Hampton Oct 15 '15 at 12:39
  • To add a little extra perspective, note that the `finger` command first appeared in 3BSD, and the TCP/IP stack didn't come along until 4.2BSD. `finger` is a local user lookup tool that got extended to support remote lookups, not a network tool with a special local mode. –  Oct 15 '15 at 16:12
  • @MadHatter The first time I got to use a Unix system fingerd was still running on most (if not all) machines in the department. That was in 1997. – kasperd Oct 20 '15 at 21:06