The finger command provides a simple yet powerful tool for displaying detailed user information on Unix-like systems such as Linux. Mastering finger can help Linux administrators, developers, and power users access useful data about logged in users for monitoring, troubleshooting, or profiling purposes.

In this comprehensive guide, you’ll learn how to fully utilize finger and customize it to extract user data relevant for any scenario.

Overview: Key Capabilities of Finger

Here are some of the key things the humble finger utility allows you to do:

  • View user login, name, home directory, shell, login status for all current logins
  • Check when a specific user last logged in or out of the system
  • Display detailed runtime information like idle time, session duration, remote client IP address
  • Customize output formatting with various command options
  • Integrate with PAM for advanced security and authentication
  • Access user data from remote systems via the finger network protocol

While simple utilities like who and w show some user information, only finger provides in-depth runtime details like idle time as well as additional profile data.

Below we dive into various examples of extracting intel with finger before covering more advanced usage.

Fingering Logged In Users

The most basic finger command displays info for all users currently logged into the local system:

$ finger
Login      Name       Tty           Idle    Login    Office    
user1     Joe Smith  tty8         1day    Jul 11          
user2     Jane Doe   tty7      15hours    Jul 12   555-1234

The output shows username, real name, TTY/terminal, idle time, login date+time, and office extension number. Logged out users are omitted entirely.

Let‘s break down some of the key data this provides:

  • Idle Time: This shows how long since the user last touched keyboard/mouse. Very useful to determine how recently a user was interacting with a system.
  • Login Time: The date+time the user‘s session began.
  • TTY: The terminal type for the user‘s shell session.

Now let‘s see how to query details for specific users.

Displaying User Details

To finger details for a certain user, provide their username as an argument:

$ finger user1
Login: user1               Name: Joe Smith
Directory: /home/user1     Shell: /bash     
On since Fri Jul 11 17:32 on tty8 from 10.30.5.24
   1 day 15 hours idle
No mail.
No Plan.

Breaking this down field by field:

  • Directory: The user‘s home directory location.
  • Shell: The default shell environment.
  • On since: Session start date+time.
  • TTY: Terminal/remote system connected from.
  • IP address: The remote client IP.
  • Idle time: Very useful! Shows exactly how long the user has been inactive.
  • Mail status: New mail waiting or not.
  • Plan: Contents of the user‘s plan/profile file.

You can provide multiple usernames to display info for several users at once:

$ finger user1 user2 user3

Next let‘s customize exactly what data gets displayed.

Long Listing Format

The default finger output is fairly brief. Adding the -l option enables a more verbose long listing format: 

$ finger -l user1
Login: user1                Name: Joe Smith       
Directory: /home/user1      Shell: /bin/bash   
On since Fri Jul 11 17:32 on tty8 from 10.30.5.24
   1 day 16 hours idle        
No mail.
No Plan.

Note the idle time now shows days+hours for easier readability. The spacing also ensures data aligns into clean columns.

Short Format for Condensed Output

For the opposite use case where brevity is critical, the -s flag provides a condensed short listing format:

$ finger -s user1
Login   Name          Tty Idle    Login     In real life
user1 Joe Smith      tty8 1d 16h Jul 11     No Plan

This fits more users onto the screen by compressing less vital fields. Great for at-a-glance monitoring without wasting terminal real estate!

Selecting User Data Fields

Finger offers granular control for selecting exactly what data to display using the -f option:

$ finger -f "nsw p" user1
Name     Shell   When      No Plan
Joe Smith /bin/bash Jul 11

Here -f takes a format string where each letter maps to a data field, with n=name, s=shell, w=when login, p=plan.

Review the finger manpage for details on available fields. This allows precise control for concise, customized output.

Monitoring Logins in Real-time

Finger gives a snapshot of current logged in users. To continuously monitor user logins and logouts, use the -w option:

$ finger -w
Watching logins/logouts in real time...

user1 tty8   Jul 11 17:32   (10.30.5.24)   
user2 tty7   Jul 12 09:22   (192.168.5.12)

user3 tty1   Jul 15 13:41   (172.68.3.29)   

[Ctrl+C to stop monitoring]

This watches for any new user sessions getting created or terminated and prints them as they occur – very handy!

Finding Last Login Time

To determine when any local user last logged into the system successfully: 

$ finger -l @someuser
Login name: @someuser         In real life: Some User
Directory: /home/someuser     Shell: /bin/bash
Never logged in.
No mail.
No Plan.

The @ prefix checks last system login rather than current status. Helpful for basic user activity auditing.

Remote User Queries across Networks

Thus far we have discussed finger‘s local capabilities. But one added bonus is finger data can be retrieved remotely over a network using the finger protocol.

The syntax is simple – specify a remote host pre-pended with the @ symbol:

$ finger @remote-server
...
remote-server:
[Displays logged in users on remote-server]

This allows querying user sessions on the remote machine providing the finger daemon is running there. However, beware security implications of the finger protocol discussed later.

Comparing Finger to Related Commands

Linux provides several basic commands that offer overlapping functionality with finger:

  • who: Shows usernames of logged in users only. Minimal output.
  • w: Adds details like idle time, login session start, remote host. More useful than who but less breadth than finger output.
  • last: Lists last logins on the machine, does not indicate current status. Historical auditing focus.

Finger has the most extensive output combining w‘s runtime data, last‘s historical records, plus additional user profile information. The richer dataset comes at the cost of some user privacy however.

Now let‘s dig deeper into how finger works under the hood.

Understanding the Finger Architecture

The standard finger command interacts with two underlying components – the finger daemon and PAM:

Finger Architecture

  • finger daemon: A background process called fingerd handles remote finger requests across the network. It runs on port 79.
  • PAM: The pluggable authentication modules provide user profile data to the finger command. Can integrate with other local services like LDAP databases.

PAM is what allows finger to access extensive user metadata beyond just what the loginctl process provides. This integration powers more insightful output but has downsides like exposure of sensitive plan/project data.

Later we discuss whether to disable the finger daemon and using PAM safely if enabling finger in production environments.

But first, let‘s explore customizing default system finger behavior.

Advanced Configuration Via .fingerrc

Much of fingers‘ default output format and fields displayed are configurable via the .fingerrc dotfile stored in a user‘s home directory.

This allows per-user customization. Global defaults for the system reside in /etc/finger.conf.

Some common .fingerrc tweaks:

Set custom output rows/columns

columns=200
rows=100

Alter displayed fields 

header=Name:User:Directory:Shell:Phone:
field=n s d: p

Here phone number and plan data are revealed by default in output.

Formatting changes 

idle_time=Last used %r on %d from %L.

This custom idle time string leverages format specifiers like %r=relative time.

Peruse man finger for additional specifier codes and field names available.

Now let‘s get into locking things down for production readiness.

Security Considerations for Production Use

Since finger reveals sensitive user information, care should be taken before deploying on production systems:

  • Disable the finger daemon entirely unless remote user querying needed across systems. Runs on TCP port 79.
  • Leverage PAM stack filtering to hide overly exposing fields like plan/project data.
  • Change default .fingerrc formats to limit private details like phone and mail.
  • Restrict access to finger‘s underlying /var/run/utmp file containing user runtime data.

Additionally for remote finger queries:

  • Restrict firewall access to destination port 79
  • Require SSH tunneling or VPN to augment with encryption
  • Authenticate queries by pre-sharing secret keys

Properly hardened, finger can provide operations teams visibility without exposing inordinate risk.

For high security environments though, consider:

Finger Alternatives

If user data queries prove too risky for an environment, several alternative approaches exist:

ProcFS / Process Introspection

The /proc virtual filesystem provides detailed process/user inspection capabilities. For example:

$ cat /proc/<PID>/loginuid /proc/<PID>/stat

Gleans similar metadata without the exposure of PAM integration backdoors in finger‘s architecture design.

Login Records Analysis

Checking logs from login services like SSH and su/sudo can also determine user sessions instead of real-time finger lookups. Though not as convenient, avoids finger‘s pitfalls.

In the end, choose security over convenience where necessary.

With that said, finger remains a built-in Linux tool whose simplicity can benefit many environments with proper care. Let‘s conclude by looking at some finger projects taking that simplicity farther.

Innovative Open Source Finger Projects

Finger‘s protocol provides a creative avenue for developers seeking to make the mundane more entertaining:

Fingertyped

This prints finger output using amusing ASCII fonts for adding flair:

$ fingertyped user1@remote-server
◼⠵⠎⠑⠗ ⠚⠕⠑ ⠼⠁⠀⠊⠙⠇⠑
⠠⠠⠇⠁⠎⠞⠀⠇⠕⠛⠊⠝⠀⠁⠞⠀⠚⠥⠇⠀⠼⠁⠼⠁

Rainbowfinger

Finger output rendered in dazzling rainbow colors! Follows Unix design spartanism through function not form.

Finger Fortune Printing

Displays a random fortune quote under each fingered user for philosophical pondering:

user1
       "Simplicity is prerequisite for reliability." - Edsger W. Dijkstra

user2 
       "Walk as if you are kissing the Earth with your feet." - Thich Nhat Hanh

Fun finger spinoffs provide a coding outlet bringing positivism to otherwise sterile system utilities!

Wrapping Up the Finger Guide

We‘ve covered quite a lot around this humble utility – from basic usage to advanced customization techniques to even novel open source finger variants!

To recap, you can now:

  • Extract detailed user session data with finger
  • Format and filter output to exact needs
  • Monitor logins/logouts in real-time
  • Integrate custom .fingerrc files
  • Query users across networks
  • Hardened remote finger daemon security
  • Identified alternatives to finger functionality

While often overlooked, finger provides both convenience for user profiling and a warning about exposing too much data. Like any tool it requires thoughtful usage and configuration for maximum benefit.

I hope this guide served as useful reference for unlocking the full potential of finger on your Linux systems! Let me know in the comments if you have any other handy finger usage tricks.

Related posts:

  1. Harnessing the Power of Wait in Linux Shell Scripting
  2. How to Check the OpenSSL Version Number in Linux
  3. Mastering Command Line File Editing in Linux
  4. Where and How Passwords are Stored and Secured on Linux Systems
  5. The Complete Guide to Rsync for Directory Syncing
  6. Completely and Securely Erase Files and Disks with the Linux shred Command
  7. How to Create and Utilize SSL Certificates for Secure Web Servers
  8. Resolving Wi-Fi Connectivity Issues on Linux Systems

Similar Posts