"Finger" Unix command

Is there a way to find out which users have fingered me? If so, how?

fingerd has logging capability, but if you aren’t root you probably can’t get to it / activate logging.

You can, however, put “terminal control” bombs in your .plan if you want to be obnoxious, unless somebody has plugged that - it’s been a while. Once I placed terminal control sequences in my .plan which had the effect of vertical spacing and erasing all my information after briefly displaying the message “how DARE you finger me!” (on any terminal or terminal window respecting ANSI standard escapes). I got a couple chuckles out of it and forgot I’d done it. Months later our sysadmin fingered me, got annoyed, and told me to remove it.

Since finger is a security risk most sysadmins have disabled its use.

Yes, but the system I access doesn’t have finger disabled. In fact, many students publish plans. That’s why I asked. Anyone else know a little fingertrace thing I could copy?

From the fingerd manpage:

So if you want (and if it is readable) to snoop in /etc/inetd.conf (or /etc/xinetd.d/finger), you can see if the connections are being logged, by looking for that flag. If it isn’t, that’s that.

If it is logging, the notes are probably in a standard syslog file such as /var/log/messages, /var/adm/messages, /var/log/syslog or some other file in /var/log. Chances of that file being readable by a regular user should be low, but who knows.

If the filesystem is only mounted on one machine (no NFS mounts, etc.) you can make .plan a named pipe and have a background process writing to it. The idea is that writes to the pipe will block until someone tries to read from it. When a write succeeds, you can try to figure out where the finger is coming from (with ps, netstat, etc.) before closing the pipe again.

It’s been a while since I did this; I’m not sure if it still works and I might be wrong on the details. It got far less useful once NFS-mounted filesystems became the norm (named pipes don’t work across NFS mounts). It also has the potential to annoy sysadmins (it annoyed mine:)).