The finger command displays information about local system users by querying files such as /etc/passwd, /var/run/utmp, and /var/log/wtmp. It is a local command and does not rely on any service or daemon to run. This command helps to quickly retrieve user-related details such as login times, idle status, and other system information.
- View details about a particular user.
finger abc
Output
Login: abc Name: (null)
Directory: /home/abc Shell: /bin/bash
On since Mon Nov 1 18:45 (IST) on :0 (messages off)
On since Mon Nov 1 18:46 (IST) on pts/0 from :0.0
New mail received Fri May 7 10:33 2013 (IST)
Unread since Sat Jun 7 12:59 2003 (IST)
No Plan.
- View login details and idle status about a user.
finger -s root
Output
Login Name Tty Idle Login Time Office Office Phone
root root *1 19d Wed 17:45
root root *2 3d Fri 16:53
root root *3 Mon 20:20
root root *ta 2 Tue 15:43
root root *tb 2 Tue 15:44
finger [-l] [-m] [-p] [-s] [username]
| Flag | Description |
|---|---|
-l |
Force long output format. |
-m |
Match arguments only on username (not first or last name). |
-p |
Suppress printing of the .plan file in a long format printout. |
-s |
Force short output format. |
Default Format:
The default format includes items like login name, full username, terminal name, and write status. The command provides details like idle time, login time, and site-specific information.
Longer Format:
In a long format, the command adds details such as the user’s home directory, login shell, and the contents of .plan and .project files.
While the finger command is useful for retrieving information about system users, it may also expose sensitive details in shared or multi-user environments:
- Usernames and Login Times: Displays login times, which can be used to track user activity.
- Home Directories: Exposes paths to users’ home directories.
- Idle Status: Shows how long a user has been inactive, potentially signaling whether they are actively using their system.
- Mail Status: Displays mail information, which may inadvertently reveal user engagement.
In environments with untrusted users, the information exposed by finger could be exploited for:
- Social Engineering Attacks: Malicious actors could use this information to craft personalized phishing attacks.
- Timing Attacks: Knowing when a user is idle or active could give attackers an advantage in timing their attempts.
- Targeted Attacks: Knowledge of user home directories can focus attacks on those locations.
To mitigate these risks, consider limiting access to the finger command in environments where user privacy is important.
It’s important to distinguish between the finger command and the in.fingerd service. The finger command is local, while in.fingerd is a network daemon that allows remote queries of user information. This service is typically disabled by default in modern systems due to potential security risks.
If enabled, the in.fingerd service can expose user information over the network, which could be exploited by attackers. To mitigate this risk, system administrators should ensure the service is disabled if it is not needed.
If you are concerned about remote queries, you can disable the in.fingerd service:
sudo systemctl disable in.fingerd
sudo systemctl stop in.fingerdBy disabling the in.fingerd service, you prevent remote querying of user information, enhancing system security.