Copyright ©1996, Que Corporation. All rights reserved. No part of this book may be used or reproduced in any form or by any means, or stored in a database or retrieval system without prior written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Making copies of any part of this book for any purpose other than your own personal use is a violation of United States copyright laws. For information, address Que Corporation, 201 West 103^rd Street, Indianapolis, IN 46290 or at support@mcp .com.

Chapter 11 - Installing Finger Server Software

If you want people to be able to get particular types of information about your users such as when they were last online, when they last checked mail (which information is offered is configurable), you will want to install a Finger server. Instead of installing the default Finger server, you are going to install a more configurable one that will give you and your users more control of the information going out to the world.

Offering Finger is a simple way to let people set up something to tell the world a little bit about themselves. In a way, Finger offers the chance to make a simple text personal Web page! Also, outside users can use Finger to find out someone's e-mail address.

In this chapter, you learn how to:

• Configure your Finger server
• Compile your Finger server
• Install your Finger server
• Configure Finger output
• Verify that your Finger server works properly

Configuring Your Finger Server

Once again, this is a server that you have to compile. However, code just doesn't get much simpler than a Finger server, so this compilation should be pretty headache-free. Just take your time and make sure not to make any typos during what little file editing you may do.

Finding and Decompressing the Server Source

The Finger server you're going to use is Kfingerd-0.04. This is a daemon, which runs in the background and waits for Finger requests to come in.

To locate and decompress Kfingerd, perform the following procedure:

1. Locate the file kfingerd-0.04.tar.gz on the CD-ROM.
2. Copy it to /usr/src.
3. Make a directory for your Finger work, e.g., md finger.
4. Move kfingerd-0.04.tar.gz into the directory you just made.
5. Type gunzip kfingerd-0.04.tar.gz.
6. Type tar -xvf kfingerd?.04.tar.gz.

Now, there is a little file editing you need to do before compiling your Finger server. In fact, you don't need to edit anything if you don't plan to create dummy accounts (fake accounts created just so people can Finger them and get information from your site, for example info).

If you don't plan to create dummy accounts, skip to the next section. If you're not sure, then go ahead and follow along and make the few necessary changes.

To make the changes you want, do the following:

Once again, the comment lines in this program begin with /* and end with */.

1. /* #define NO_DUMMY_PROGRAMS */
2. You will probably want to uncomment this line. It will plug a potential security hole some intruders may know how to use. I will uncomment this line as follows:
3. #define NO_DUMMY_PROGRAMS
4. /* Define NOSUCHUSERPATH and NOSUCHUSERFNM to enable custom handling */
5. /* of Fingers of unknown users.
6. If you want to set how Finger handles incoming requests for accounts that don't exist, then uncomment the items in this portion of dummy.c. The first item, NOSUCHUSERPATH, defines the path where Finger should look to see what to do with a request for information on an unknown user. The second NOSUCHUSERFNM defines the file name Finger should look for in the defined path. I will stick with the default file names and uncomment the lines as follows:
7. #define NOSUCHUSERPATH "/etc/"
8. #define NOSUCHUSERFNM "badfinger"
9. Take a look at the default badfinger.c file to see if you want to stick with it; many sysadmins will not. The default file's response to a request for an invalid user gives a list of valid users, which may not be acceptable to you. You may want to change badfinger.c so that it gives a customized text response because if you don't use this file, the response to a request for an invalid user will be finger: username: no such user.

Compiling and Installing Your Finger Server

Finger is a simple program, so takes little time to compile and requires only a bit of file shuffling and security consideration to install.

Compiling Kfingerd

To compile Kfingerd, do the following:

1. Log in as root.
2. Enter the directory where the Finger files are stored (e.g., /tmp/kfingerd).
3. Type make.
4. Watch the messages the compiler gives you.
5. Deal with any problems that come up, and return to step 3 if you have to fix something before it will compile.

Installing Kfingerd

There are a number of fairly small and simple steps involved in installing your Finger server.

Creating Finger's Home Directory

First, create a home directory for Finger itself. This is where you will put your dummy accounts later. To create this directory, do the following:

1. Log in as root.
2. Change to the directory home.
3. Create the directory finger.
4. Change the permissions of the Finger directory so only trusted persons (owners) are allowed to write to it (type chmod 755 finger). This will permit other people to read in this directory, but considering that they can get the same information by just fingering accounts, this isn't generally a problem.

Moving Kfingerd

Move the compiled file, Kfingerd, to somewhere like /usr/sbin, where most daemons and other items that only root should be running go.

Adding Kfingerd to the Startup Daemons

To run Kfingerd at startup with the other inetd items, do the following:

1. Log in as root.
2. Go to the /etc directory.
3. Edit the file inetd.conf.
4. Make sure the following line exists exactly as you see it here:

finger     stream     tcp     nowait     root     /usr/sbin/tcp     /usr/sbin/kfingerd

You will find this line already in your inetd.conf file, but the user is incorrect. All you need to do is change the user daemon to root in this line.

1. Save and exit the file /etc/inetd.conf.

You can either reboot your system to get Kfingerd running, or type kill -HUP # where # is inetd's process ID number, and then type /etc/inetd to get it running again.

Configuring Finger Output for Users

One reason I chose Kfingerd instead of the standard, normal, everyday Finger is because it is a more configurable program. The standard Finger hands out a list of information that not everyone wants people to have access to. Kfingerd allows each user to choose what information is available to outsiders fingering their accounts, and what information is not available.

The file used to individually configure Finger output is called .fingerrc.

.fingerrc Commands

There are a number of commands available to users who want to configure their Finger output (see table 11.1).Table 11.1 Commands Available in a .fingerrc File

Command Function
[no]mail        [doesn't] provide information on new mail, or if all mail has been read
[no]remote      [doesn't] provide information on where people are logged in from if it's an outside site
[no]ttys        [doesn't] provide information on what tty someone is logged in from
[no]idle        [doesn't] provide information on how long someone has been idle
[no]log [doesn't] log the Finger request in ~/.fingerlog
[no]plan        [don't] show the user's plan file
[no]proj        [don't] show the user's project file
[no]auth        [don't] use ident to get a username for the person making the Finger request
projfnm         Define the name of the project file
planfnm Define the name of the plan file
progfnm Define a program Finger should call
subdfnm Define a subdirectory where plan files are kept

Items in brackets ([]) are optional.

For the last four items (those that define files to call or use), if you don't include the name of the file, the item is disabled. For example, if you just enter projfnm without a file name, project files are disabled.

You can also add the parameters in table 11.2 in front of any of the commands listed in table 11.1.Table 11.2 Additional Command Parameters for the .fingerrc Commands

Parameter       Function
IP[!]   [Don't] execute the command following this parameter unless it comes from the IP address listed
HN[!]   [Don't] execute the command following this parameter unless it comes from the host name listed
HNR     Remap host names somewhere else

Example .fingerrc File

Now, to get a feel for how all of these commands work together, create a sample .fingerrc file. Let's say that I would like to have the following information available and not available:

• Let outsiders see what my mail status is.
• Don't provide my login locations.
• Don't provide my idle time.
• Log Finger requests.
• Show my plan file (~/.plan).

My .fingerrc file would contain the following:

#Enable mail information
mail
#Don't show login locations, whether tty or remote machine
noremote
nottys
#Don't show idle time
noidle
#Remap my local host names to one local host name
HNR     davinci.renaissoft.com       local
HNR     catherine.renaissoft.com     local
HNR     magellan.renaissoft.com      local
HNR     vivaldi.renaissoft.com       local
#Log Finger requests except from my own site
!HN= local     log
#Show plan file and assign location to ~/.plan
plan
planfnm ~/.plan

You may want to create a default .fingerrc file to put in all user home directories, with comments, so your users can modify them to fit their preferences.

Verifying That Finger Works

Now, test Finger to make sure that you've installed it properly! Fortunately, verifying Finger is pretty quick and easy. There are four procedures you should test:

• Fingering an unknown user
• Fingering an account without a .fingerrc file to check out the defaults
• Fingering an account with a .fingerrc
• Fingering a dummy account you have set up

Kfingerd only effects remote Fingers (Fingers from an outside host). It doesn't affect local Fingers, meaning that if you just type finger dee, for example, you will get the default Finger response instead of the custom response I set up for myself. This difference in response is caused by the fact that if you don't include the name of the host, the Finger client doesn't bother asking the server about the settings that would point it to the /home/dee/.fingerrc file.

If you want to change this, you will need to locate the source for your Finger client and edit it to ensure that it always checks with the Finger server instead of assuming that check is not necessary with local Fingers.

You can find an up to date version of the Finger client source by FTPing to sunsite.unc.edu, going to the directory /pub/Linux/system/Network/finger, and getting the file finger.atbug.tgz.

Unknown User

Make up a userid that doesn't exist on your system, and Finger it at one of the host computers (for example, in my case, finger blort@davinci would be a good test, see fig. 11.1).

Fig. 11.1 Fingering an account that doesn't exist on my site, and getting the response I set in my badfinger.c instead of a list of accounts on my site.

Confirm that what you included in your badfinger.c file works properly by fingering an account that you know doesn't exist on your site, and making sure it gives the output you wanted. If not, you may need to change badfinger.c and recompile Kfingerd.

Fingering a Known Account without a .fingerrc

Finger an account you know exists (your own will certainly do, an example for me would be dee@catharine, or just dee since I'm not fingering from outside). Take note of what kind of information shows in the Finger response (see fig. 11.2).

Fig. 11.2 Fingering my account and seeing that it works.

Fingering a Known Account with a .fingerrc

Write up a simple .fingerrc file and place it in, say, your home account. Then, Finger your account@host (e.g., dee@catharine) and see if it looks different from the default. If not, make sure you didn't comment out any important lines (using # at the beginning of the line), or that you didn't mistype .fingerrc.

Fingering a Dummy Account You Created

First, before you can Finger a dummy account, you have to create one. Create a quick dummy account by doing the following:

1. Log in as root.
2. Go to the directory /home/finger.
3. Create a file with the name of the dummy account you want, for example, info.
4. Put the Finger response in the text of the file.
5. Save and exit your dummy account file.
6. Change the ownerships of the dummy account file to root.nobody.

For an example, I fingered info on my site (see fig. 11.3).

Fig. 11.3

The output from the dummy account info on my site, containing contact and server information.