.TH CFINGERD.CONF 5 "19 Dec 1998" "1.4.2" "Configurable Finger Daemon"
.SH NAME
cfingerd.conf \- configurable finger daemon configuration file.
.br
.SH SYNOPSIS
.B /etc/cfingerd.conf
.br
.SH DESCRIPTION
.I cfingerd.conf
is the configuration file for cfingerd.
.B cfingerd
has been totally rewritten
to support a more readable configuration file.  This version of the new 
configuration file is
.B NOT
compatible with the older versions from 1.0.3 or below.
.PP
The configuration file is split into sections of three general types:
.B FILES, CONFIG, 
and
.B HOSTS.
.PP
Each one of those sections is split into subsections, which will be 
explained next.
.PP
Subtext of each option is either boolean options, string options, or 
switchable options, all changeable by the system administrator.
.PP
Each section is split into a series of sections that resembles C type 
definition; not exact, but close enough to be familiar with it.  :)  
There's only one exception - these are not case sensitive.  Any casing 
will do, as long as the option is legal.
.PP
Thus, each section is formatted like this:
.sp
     OPTION section_name = {
       (tab/space) string_option = "string_format",
       (tab/space) +/\-boolean_pair_option = [BOOL, BOOL],
       (tab/space) +/\-internal_config_option
       (tab/space) host.name.here
     }
.\" FIXME
.\" Tabs/spaces optional
.PP
This illustrates that string options are strings put into "quotes", boolean 
options are given as TRUE and FALSE, 
switchable options are given with the + or \- directive, and hostnames 
are used as substrings, so that wildcards are not necessary.
.PP
A few sections simply contain a block of text to be used as the
value of a single option, which one is indicated by the section name
itself.
.PP
You may add comments using the hash mark ``#'' at the beginning of the
line.  Please note that no comments are allowed inside of a section.
.br
.SH "DISPLAY FILES SECTION (FILES display_files)"
Each option here is a string option.  The first 6 options are relative 
to the home directory of whatever user was fingered, the remaining are
absolute and should start with a "/".
.PP
.B PLAN
is the optional plan file which contains the text displayed as the
users plan.  The default is
.IR ".plan" .
.PP
.B PROJECT
is the optional project file that is used when displaying a project
description.  The standard here is
.IR ".project" .
.PP
.B PGP_KEY
is the optional "Pretty\-Good\-Privacy" file that is shown when
displaying a public or private key.  The standard here is
.IR ".pgpkey" .
.PP
.B XFACE
is the optional file that shows the user's face.  (This is commonly
used in E-Mail messages.)  The standard here is
.IR ".xface" .
.PP
.B NO_FINGER
is the optional file that is shown when a user wishes to remain
anonymous.  This is usually the case with root users (which should be
standard, anyway).  In order to hide the user this file should be an
exact copy of the nouser_banner.txt file.
The standard here is
.IR ".nofinger" .
This file can only be a standard displayable file.  This option will
also hide the user from a "search.pattern" query.  If any user can
read this file it will also be honored by a userlist (@host) query.
This is done by a non-priviliged program so the uid can't be changed.
.PP
.B USERLOG
is the optional file in which all attempts to finger a user are
logged for the users own reference.  If ALLOW_USERLOG is not enabled
this file is completely ignored.  If
ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS is enabled
.B cfingerd
will only document finger requests if this file already exists in the
users home directory.  The default name is
.IR ".fingerlog" .
.PP
.B MAILBOX
is the file that is checked to see where the user's mailbox is.  If
you are using a regular Unix mail transport agent (such as 
.BR sendmail (1),
.BR smail (1)
or
.BR exim (1)), you would use
.I /usr/spool/mail/$USER
here.  If you are using something like qmail, you would use
.IR $HOME/Mailbox .
The path must be given as well as the filename to check for.
.I $USER
will expand to the proper username.  
.I $HOME
will expand to the proper home directory for that very user.  
If
.B MAILBOX
is set to``QMAIL'' cfingerd assumes that Qmail is used on the local
system and therefore will read
.I ~/.qmail
files instead of common mailbox files.
.PP
.B LOGFILE
is the file that is used to keep logs of everything that happens to
your finger program.  These logs are kept as backups for 
your finger file, and can be used to guard against attacks against your 
system if a finger attack occurs.  By keeping
.I cfingerd.conf
readable only by root the logfile should be kept in a safe, hidden place.
.PP
.B HEADER_DISPLAY
is the file that is displayed at the top of each finger reply.  The 
standard here is
.IR "/etc/cfingerd/top_finger.txt" .
.PP
.B FOOTER_DISPLAY
is the file that is displayed at the end of each finger reply.  The 
standard here is
.IR "/etc/cfingerd/bottom_finger.txt" .
.PP
.B NO_USER_BANNER
is the file that is displayed if the user doesn't exist.  The standard 
here is
.IR "/etc/cfingerd/nouser_banner.txt" .
.PP
.B NO_NAME_BANNER
is the file that is displayed if no name was specified in a finger 
request if a system listing is not allowed by the
.B SYSTEM_LIST
option (explained later).  The standard here is 
.IR "/etc/cfingerd/noname_banner.txt" .
.PP
.B REJECTED_BANNER
is the file that is displayed if a rejected host tries to finger your 
system for any reason.  The standard here is 
.IR "/etc/cfingerd/rejected_banner.txt" .
.br
.SH "FINGER DISPLAY CONFIGURE SECTION (CONFIG finger_display)"
Each option in this section is boolean.  The way this works is as 
follows:  The first boolean option is the setting for a remote host, or a 
host that fingers you from the outside.  The second boolean option is the 
setting for the local host, or trusted host.  This is what people from 
your own system will see.
.PP
TRUE means that this item is included in the cfingerd reply.  FALSE
means it is omitted.  Unless otherwise specified these items only
appear if an existing user is fingered.
.PP
Each option has a "\-" or "+" option.  This is for user\-overridable 
options, which will be in the next release of
.BR cfingerd .
These will allow 
each user to manipulate if this information is displayed when that
specific user is fingered.
.PP
.B HEADER_FILE
displays the header file at the beginning of each finger reply.
.PP
.B FOOTER_FILE
displays the footer file at the end of each finger reply.
.PP
.B LOGIN_ID
displays the login ID of that particular user.
.PP
.B REAL_NAME
displays the real name of that particular user.
.PP
.B DIRECTORY
displays the user's directory.
.PP
.B SHELL
displays the user's shell.
.PP
.B ROOM_NUMBER
displays the user's room number.
.PP
.B WORK_NUMBER
displays the user's work phone number.
.PP
.B HOME_NUMBER
displays the user's home phone number.
.PP
.B OTHER
displays the user's other information.
.PP
.B LAST_TIME_ON
displays the last time the user has logged into the fingered system.
.PP
.B IF_ONLINE
displays whether or not the user is currently logged into the fingered 
system.
.PP
.B TIME_MAIL_READ
displays the last time that the fingered user has read mail.
.PP
.B DAY_MAIL_READ
displays the last day that the fingered user read his/her mail.
.PP
.B ORIGINATION
displays the site from which the user logged in (if applicable.)
.PP
.B PLAN
displays the user's plan file.
.PP
.B PROJECT
displays the user's project file.
.PP
.B PGP
displays the user's Pretty\-Good\-Privacy key file.
.PP
.B XFACE
displays the user's XFACE file.
.PP
.B NO_NAME_BANNER
displays the banner if no username was given.
.PP
.B REJECTED_BANNER
displays the rejected banner file if the site fingering your system
was in the banned\-site listing.
.PP
.B SYSTEM_LIST
displays the system list if one was requested.
.PP
.B NO_NAME
displays the NO_USER_BANNER file if no user was selected.
.br
.SH "INTERNAL CONFIG SECTION (CONFIG internal_config)"
Each item in this section is a switchable option.  This means that a "+" 
before the item enables it while a "\-" before the item turns it off.
.PP
.B ALLOW_MULTIPLE_FINGER_DISPLAY
tells
.B cfingerd
to add the system finger information from the hosts listed in the
system_list_sites instead of only the localhost.  This is useful when
you have more than one ISP machine, located in different cities, or
even states.
.PP
.B ALLOW_SEARCHABLE_FINGER
allows you to let others outside of your system (or within it) to search 
for a specific username by using the "search.pattern" directive.
.PP
.B ALLOW_NO_IP_MATCH_FINGER
allows you to let sites finger your system if a hostname could not be 
matched to their IP address successfully.
.PP
.B ALLOW_USER_OVERRIDE
will allow your users to override specific options in the 
.B FINGER DISPLAY
section that you enable.  This is not yet implemented.
.PP
.B ALLOW_USERLIST_ONLY
will allow other sites to get a shortened form of the
"finger @hostname" response by issuing "finger userlist-only@hostname".
The shortened form does not merge in other computers even if
.B ALLOW_MULTIPLE_FINGER_DISPLAY
is enabled, and omits the usual headers and footers.  This listing is
only available if the remote user is allowed to query for a regular
system list, so
.B SYSTEM_LIST
from the finger_display section needs to be enabled, too.
.PP
.B ALLOW_FINGER_FORWARDING
will allow other sites to forward finger requests to a different machine 
if the user could not be located on the current machine.  (In order to 
use this option, you 
.B MUST
have the 
.B HOSTS finger_forward
option set, and have other sites in there.)
.PP
.B ALLOW_STRICT_FORMATTING
makes the finger display remove all returns between display options.  
This makes the finger display look horrible (as with GNU Finger or the 
other generic fingers) and makes your system look, well, "generic".  :)
.PP
.B ALLOW_VERBOSE_TIMESTAMPING
makes the timestamp that is displayed (at any place) very verbose.  For 
instance, where it used to say:
.sp
On since Sat Aug 12 03:43PM (PDT)
.PP
would now be shown as:
.sp
On since Sat Aug 12, 1995 03:43PM (PDT)
.PP
(Basically, ALLOW_VERBOSE_TIMESTAMPING just takes up more room on the 
display field.)
.PP
.B ALLOW_NONIDENT_ACCESS
lets
.B cfingerd
also accept connections from sites that don't run the IDENT daemon (or 
RFC1413-compliant program.)  This is for security sake, and is a good 
measure against unknown users trying to finger your system.  If this 
option is enabled, users that do not have identd running on their system 
(ala Windows users) will be able to finger your system.  Systems NOT 
running identd will return "unknown" as the user ID, and will thusly not 
be permitted to finger a user on your system.
.PP
.B ALLOW_FINGER_LOGGING
enables
.B cfingerd
to use the \fBLOGFILE\fP file to store any logs of 
activity that happen to your system via finger.
.PP
.B ALLOW_LINE_PARSING
makes
.B cfingerd
parse each line of every display file (including the plan, 
project, and pgp files) for any cfingerd-specific "$" commands.  If any 
are found, cfingerd will parse these commands and display correct 
information accordingly.  Otherwise, if this is turned off, the display 
will appear without parsed commands.
.PP
.B ALLOW_EXECUTION
will allow users to execute scripts in place of their
.IR .plan ", " .project ", and " .pgp
files.  This is used to display the standard output of another 
program directly to the screen of the user.  Keep in mind that this is a 
HUGE security risk, should you choose to use it.  It's normally suggested 
that this remain off, but you can turn it on if necessary. Nevertheless
these programs are called as nobody.nogroup as effective user (while
the real user will still be root, but a called program won't be able
to change this back).
.PP
.B ALLOW_FAKEUSER_FINGER
turns on or off the fake user option in
.BR cfingerd .
If you want fake users 
to be defined, and available to be fingered, you will want to enable this 
option.  This can be a security risk in some instances if you allow for 
searchable fingers, and your script calls an execute routine on that 
variable...  But chances are, that'll never happen.
.PP
.B ALLOW_USERLOG
will allow users to keep track of who has fingered them, and at what 
time.  The default name of this user logfile is
.IR ".fingerlog" .
.PP
.B ALLOW_CONFESSION
enables two fakeusers "help" and "version" that provide information
about the system running.  Some people don't like that so you can turn
it off.  When fingered the requestor will only see the NO_USER_BANNER
so he can't guess that the fakeuser is supported.
.PP
.B ONLY_SHOW_HEADERS_IF_FILE_EXISTS
will only show the header of the .plan, .project, etc. files if they
exist.  If the file doesn't exist, the header will not be shown.  This
saves space on the final output of the finger data.
.PP
.B ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS
will only create a .fingerlog file in the fingered user's home directory
if one exists (and is read/writable by the user.)  This is to cut down on
hard drive space if they don't want a .fingerlog file.
.br
.SH "SYSTEM LIST SITES SECTION (CONFIG system_list_sites)"
This is just a series of hostnames that you want to finger when 
displaying a userlist query (finger @localhost) .  If you have more
than one system that you want to show, simply put their hostnames in
this list, separated on a line by itself.
.PP
A good example of the way this works is this: If you have a separate ISP 
system that you are running on the side, say "chatlink.com", then I would 
change my configuration to say:
.sp
    CONFIG system_list_sites = {
            chatlink.com,
            localhost
    }
.PP
Remember, if you are listing only a couple of sites, list the sites you 
will want to have listed (in order) first.  These sites are required to run
.B cfingerd
as well and they must not be offline while fingering.  The ending entry 
.B MUST
be the localhost, or the finger listing will not include your site.  If you 
include localhost anywhere else in the list, it will stop once it has 
reached the localhost entry, so remember to list it last!
.PP
For the simple fact that I want to get a user listing from my own 
machine, and from chatlink.com's system.  This would be automatically 
formatted nicely (ie. sorted and parsed) and would display on the screen 
in sorted order.  This program is usually used in tandem with the 
supplied
.BR userlist (1)
program.
.PP
If no system list sites are specified, multiple system sites will not be 
specified.
.br
.SH "TRUSTED HOST SECTION (HOSTS trusted)"
This is a listing of the sites that you allow to finger your system 
exclusively, giving them the same access that your local users would 
get.  In other words, they are treated as "localhost" users.
.PP
Each site that you list in this section should be separated by using the 
"," character.  You can include up to 80 sites in this listing.
.PP
Wildcards are supported in this section, and you may use them in the 
regex format as well.  Any wildcards with "*", "?", or any other regex 
wildcard matching character will work.  IP addresses will also work.
Hostnames are compared case insensitive.
.br
.SH "REJECTED HOST SECTION (HOSTS rejected)"
This is a listing of the sites that you do not allow to finger your 
system.  These sites don't get to finger anyone (or anything for that 
matter) on your system, regardless of what they try to do.  In essence, 
finger is cut off to those particular systems.
.PP
Each site that you list in this section should be separated by using the 
"," character.  You can include up to 80 sites in this listing.
.PP
Wildcards are supported in this section, and you may use them in the 
regex format as well.  Any wildcards with "*", "?", or any other regex 
wildcard matching character will work.  IP addresses will also work.
Hostnames are compared case insensitive.
.br
.SH "FORWARDED HOST SECTION (HOSTS finger_forward)"
This is a listing of sites that are used to forward a finger query to 
when a finger request was processed, but that particular user was not 
found on the associated system.  It will step through this listing, and 
it will search for the user in question.  If the user could not be found, 
then it will step through to the next host, and the next, until it finds one.
.PP
Each site that you list in this section should be separated by using the 
"," character.  You can include up to 80 sites in this listing.
.PP
Wildcards are supported in this section, and you may use them in the 
regex format as well.  Any wildcards with "*", "?", or any other regex 
wildcard matching character will work.
Hostnames are compared case insensitive.
.PP
If you do not specify any forwarding sites in this section, finger 
forwarding will be disabled for your system.
.br
.SH "FINGER STRINGS SECTION (CONFIG finger_strings)"
Each option in this section is a string that can be changed to fit your 
needs when displaying finger information.  These strings are limited to 
about 20 characters on the display.  (If you use more than 20, the finger 
display will end up looking strange.)
.PP
.B USER_NAME
is the string that is displayed when the user's username is shown.
.PP
.B REAL_NAME
is the string that is displayed when the user's real name is shown.
.PP
.B DIRECTORY
is the string that is displayed when the user's directory is shown.
.PP
.B SHELL
is the string that is displayed when the user's shell is shown.
.PP
.B ROOM_NUMBER
is the string that is displayed when the user's room number is shown.
.PP
.B WORK_NUMBER
is the string that is displayed when the user's work phone number is shown.
.PP
.B HOME_NUMBER
is the string that is displayed when the user's home phone number is shown.
.PP
.B OTHER
is the string that is displayed when the user's other display information 
is show.
.PP
.B PLAN
is the string that is displayed when the user's plan is shown.
.PP
.B PROJECT
is the string that is displayed when the user's project is shown.
.PP
.B PGPKEY
is the string that is displayed when the user's PGP Key is shown.
.PP
.B XFACE
is the string that is displayed when the user's XFACE file is shown.
.PP
.B NO_PLAN
is the string that is displayed if the user doesn't have a plan file to 
show you and
.B ONLY_SHOW_HEADERS_IF_FILE_EXISTS
is not enabled.
.PP
.B NO_PROJECT
is the string that is displayed if the user doesn't have a project file 
to show you and
.B ONLY_SHOW_HEADERS_IF_FILE_EXISTS
is not enabled.
.PP
.B NO_PGP
is the string that is displayed if the user doesn't have a PGP Key file 
to show you and
.B ONLY_SHOW_HEADERS_IF_FILE_EXISTS
is not enabled.
.PP
.B NO_XFACE
is the string that is displayed if the user doesn't have an xface file 
to show you and
.B ONLY_SHOW_HEADERS_IF_FILE_EXISTS
is not enabled.
.PP
.B WAIT
is the string that is shown when the system gathers information from 
other sites for a user listing.
.br
.SH "INTERNAL STRINGS SECTION (CONFIG internal_strings)"
These strings are changeable, and can be any length you want (within 
reason).  These strings are concattenated into the syslogging display 
when the appropriate finger has been issued.  This section also includes 
error messages that may occur.
.PP
.B NO_IP_HOST
is shown when there is no hostname that matches the incoming IP address.  
This usually indicates that either the site didn't register their IP 
address with the InterNIC, or they are coming from a hacked site.
.PP
.B RENICE_FATAL
is shown when the system failed to change the execution priority on the 
current process of cfingerd.
.PP
.B STDIN_EMPTY
is shown when the input buffer on the CFINGERD port is empty.  (This 
should never really happen; it's here for sanity.)
.PP
.B TRUSTED_HOST
is shown when a trusted host fingers your system.  If you do not specify 
a trusted host, cfingerd will insert "localhost" into this field.
.PP
.B REJECTED_HOST
is shown when a rejected host fingers your system.  If you do not specify 
a rejected host, cfingerd will insert "0.0.0.0" into this field.
.PP
.B ROOT_FINGER
is shown when a user fingers root.
.PP
.B SERVICE_FINGER
is shown when a user requests fake user services from your system.
.PP
.B USER_LIST
is shown when a user requests a system user listing from your system.
.PP
.B FAKE_USER
is shown when a user fingers a fake user from your system.
.PP
.B WHOIS_USER
is shown when a user fingers a user with a "WHOIS" query.  (This option 
is not yet available at the time of this writing.)
.PP
.B FINGER_DENY
is shown when a user tries to finger with a forward request like
user@host1@host2. This is not supported as it could result in
finger loops and lots of traffic.
.br
.SH "SIGNAL STRINGS CONFIGURE SECTION (CONFIG signal_strings)"
This section is used in changing the output that is given when a system 
crashes, or a signal is caught, and reported to the finger output.
.PP
The supported caught signals are as follows:
.PP
SIGHUP, SIGINT, SIGQUIT, SIGILL, SIGTRAP, SIGABRT, SIGFPE, SIGUSR1, 
SIGSEGV, SIGUSR2, SIGPIPE, SIGALRM, SIGTERM, SIGCONT, SIGTSTP, SIGTTIN, 
SIGTTOU, SIGIO, SIGXCPU, SIGXFSZ, SIGVTALRM, SIGPROF, SIGWINCH
.br
.SH "FINGER PROGRAMS FILES SECTION (FILES finger_programs)"
These are the programs that are called when a specific action is take on 
the finger display.
.PP
.B FINGER
is the file that is used when a system user listing is requested from your 
machine.  This is used in the standard user list and in the sorted 
user list, so it is wise to use the standard here; this being
.IR "/usr/sbin/userlist" .
.PP
.B WHOIS
is the program that is used when a "whois" request is done on a specific 
user.  This is currently not used.
.br
.SH "FINGER FAKEUSERS FILES SECTION (FILES finger_fakeusers)"
These are the ever\-popular fake users that you can create on your 
system.  These users are ones that don't exist (and should not, for that 
matter.)  These are, instead, treated as normal scripts that can be 
called for your use.
.PP
The format is as follows for fake users:
.br
    "fake_username", "Script name", SEARCHBOOL, "script"
.br
where...
.PP
.B fake_username
is the name of the fake user you want to request.  Make sure that this is 
a user that DOES NOT exist on your system.  Keep in mind that if you 
create a fake username, and that user already exists, the fake username 
will be shown. If you prepend '-' before the username, the fake user will
not be shown on the list of services.
.PP
.B Script name
is the standard name of your script.  This is used in the display of your 
services listing.
.PP
.B SEARCHBOOL
specifies whether or not parameters can be sent to that specific fake 
user.  If you decide to use the SEARCHBOOL option (ie. TRUE in this 
case), the passed variables are:
.sp
  $1 \- First passed option,
  $2 \- Second passed option,
  $3 \- Third passed option, and
  $4 \- Fourth passed option.
.PP
(If more than four options were passed to this, the request will be 
ignored, and an error message will be returned to the user that requested 
the finger request.)
.PP
.B script
is the location of your script.  It should be 
.B chmod 700
and readable only by root.
.PP
If you do not specify any fake users, a fake user called "None" will be 
created.  This is a fake user that does nothing, and calls "/dev/null" 
for the script.
.br
.SH "SERVICES HEADER CONFIGURE SECTION (CONFIG services_header)"
This is the display that is given during a services finger.  It should be 
formatted the same way that you want it to display on the screen.
.PP
When specifying the finger formatted options, you should specify them as 
C formatted strings as well, with the standard options.  This should 
always be given last in the display.
.PP
An example of this would be:
.sp
          Welcome to this system's services!

        User:     Service name:     Searchable:
      -------- -------------------- -----------
      %-8s %-20s %-s
.PP
Where this would display the above string.  Remember to keep the format 
string last, or a 
.B SIGSEGV
will result.
.br
.SH "SERVICES POSITIONS CONFIGURE SECTION (CONFIG services_positions)"
This specifies where in the above display string that the information 
from a service listing is to go.  These numbers can be anywhere between
1 and 3.
.PP
.B USER
specifies the position of the username listing.
.PP
.B SERVICE
specifies the position of the service full\-name listing.
.PP
.B SEARCH
specifies the position of the boolean search display.
.br
.SH CONTACTING
If you like the software, and you want to learn more about the software, 
or want to see a feature added to it that isn't already here, then please 
write to cfingerd@infodrom.north.de.  The project's webpage is at
http://www.infodrom.north.de/cfingerd/ .
.PP
As always, I appreciate any suggestions, or bug reports you may have,
so if you have suggestions or bug reports, BRING 'EM ON!  :)
.br
.SH "SEE ALSO"
.BR cfingerd (8),
.BR cfingerd.text (5),
.BR userlist (1),
.BR finger (1),
.BR regex (3),
.BR regexp (3).