I recently began a course in UNIX programming at the university I am attending, in playing around with it I found a few things I was curious about.
1.) I access the universities remote computer from my apt., so I’m not on a school computer. I noticed that the finger command lists locations, IP address, etc. Is it possible for someone to access files on my PC that I haven’t transfered to the universities machine? If so how can this be prevented.
2.) Can I and how do I edit my own information that is shown under the finger command. For example I noticed at the last line of each users info. there is a line that says “No Plan”. I noticed one user who had a witty remark there instead, can I do this at a non-admin level? If so what are the commands?
3.) If another user I know is on-line, can I send/receive files from them if they are on a non-university computer? If so is this method of using UNIX for ftp more useful/beneficial than other methods? What would be needed to use UNIX for ftp w/out going through the universities servers (i.e. sending my buddy down the street a file).
I could go on and on but I’ll stop there, if anyone has anything they think is interesting to fool around with in UNIX feel free to add that too. I’m just curious what can be done in here.
I wanted to point out that I don’t expect all my questions answered by one person. If you know or have a suggestion to one or even part of one, it will be much appreciated.
Depends on the OS you’re running. It’s unlikely but not entirely implausable. You can run a firewall like ZoneAlarm though if you’re paranoid.
Create a text file in your home directory named .plan (note the leading period). Put your witty remark in that file and save it. Next you’ll have to make the file world readable, so issue the command ‘chmod ugo+r .plan’. You should be good to go.
Not sure what you are asking here. You can run an ftp server on your home machine and have users ftp files to/from your box.
How are you logging on to your account from your apartment? I would guess that this is just a Telnet or SSH login (yes?) – if so, then I don’t think you need to worry about somebody accessing your PC through that login session. If you use a cable modem or DSL line from home, though – you may want to look into personal firewall software. ZoneAlarm is pretty good, and there’s a free downloadable version.
Wow – I’m surprised your school is still allowing “finger” to be run. There are worms and security exploits that have made use of finger. Well, for the “plan”, in your home directory, just create a file named “.plan” (notice it begins with a period – it’s a “dotfile”, usually not shown in regular directory listings with the “ls” command unless you use the appropriate flag on the ls command). Inside the “.plan” file (just a text file), type whatever special comment you like.
Sending and receiving files between your unix account and a remote computer? Sure. The easiest methods would be FTP and e-mail. I would guess that the system your account is on would have e-mail service running. Have you checked? They may even have the simple text-based e-mail client called “pine” installed (which can send attachments). To check, just type “pine” when you log in and see if it opens.
I would also guess that your system would be running FTP service. If regular FTP, then any FTP client program could connect (like from your friend’s PC, or from your home one). If they are running only secure shell logins and secure FTP, then you’ll need an SFTP client.
As for initiating it from the unix account itself, your buddy would have to be running an FTP server, himself, if you wanted to connect to it from your account. Easier to use e-mail to send files in this case.
As for my question about the ftp thing between mine and a buddies machine w/out going through the universities server. We often trade files that are usually to large for our usual e-mails to handle/allow. I was just curious if we could use telnet instead to transfer files between each other, files that we didn’t want to risk the school finding/seeing :). If so, can we just connect via IP addresses through telnet? I know there are ftp programs out there, just wondered if this would work this way since we both have to use UNIX.
…and why can’t I edit my own posts on these boards!! Says I don’t have permisssion to edit the posts, MY OWN posts. Geez…
Through plain telnet? no. Telnet is a very, very basic protocol. If you have SSH, you can use the SCP or SFTP utilities that typically come with an ssh distribution. If you’re extremely paranoid this would probably make it pretty darn tough for those snooping university overlords to tell preciscely what you were transferring.
Alternatively, some GUI telnet clients incude things like ZModem up/download support, which you can use with the ‘rz’ and ‘sz’ (Receive Zmodem/Send ZModem) utilities that at least used to come prepackaged with most flavors of unix… I haven’t the foggiest idea if they still are, I would imagine they’re not used a great deal anymore.
If you’re comfortable doing so (and you have root privileges) you can setup an FTP server without too much of a hassle, assuming you don’t have one setup already. If you don’t have root, you can still do it in most cases, but you’ll have to get it to bind to an unprivileged port (> 1024). If you’ve got firewalls inbetween the two endpoints you might get some hassles. FTP data transfer happens over UDP which is a stateless/connectionless protocol… oh, I’m drifting. Sorry, I’m a nerd, if you’re really interested, email me, I won’t bore everyone else In any case, if it starts giving you errors about not being able to establish a data connection, start changing your ‘passive mode’ settings.
There are two files that are displayed by finger. One is the “.plan” file as mentioned, but also “.project”. The latter should be confined to a single line. In addition to these files being world readable, your home directory has to be world viewable. That means readable and executable:
chmod ugo+rx ~
Note that means that anyone with access to your file system. (On the same machine or one it is exported to.) can do a directory list of your home directory. If you have world readable files or directories there, they can then read them. So don’t leave anything interesting in a home directory and protect you subdirectories as needed.
finger is not a security hole if people do things right. A finger without any user names (which shows all users) should not be allowed from outside. A finger with user name is more or less safe from spammers since it means they already have your user name.
The problem with local fingers is people having insecure passwords and such but the sysadmin should be running software to check for weak passwords anyway. Note: without finger, it is trivial for local users to get lists of all user names. The issue is people finding dormant accounts.
IMHO, finger is extremely helpful and not a real security risk.
I was just going to say that. ‘man finger’ with no quotes will tell you everything about it.
Files that can be displayed, according to the man page for the version of finger that is supplied with redhat 7.2, are: .plan, .project, .pgpkey, and .forward, all from the user’s home directory.
To change your personal details as reported in finger, use the chfn utility.
In any case, if it starts giving you errors about not being able to establish a data connection, start changing your ‘passive mode’ settings.