SUMMARY2: finger

From: Surender Dinkar <>
Date: Tue Mar 12 2002 - 03:22:59 EST
Many thanks to Casper Dik and Eric van de Meerakker for pointing to the
exact problem . Thanks also to Neil Hunt and Andy Bach for there usefull
suggestions .

Reason that I could not finger to some of the IDs was a bad entry in
password  database.

Casper Dik writes
"This usually points to a corrupt entry; the routine that gets entries from
the NIS map will stop doing so when it encounters en entry with too many or
too few colons."
You can check the bad entries with:

         ypcat passwd | nawk -F: 'NF != 7 {print}'

I found one of the entries had seven "colons"  rather than six . All
entries after that were simply ignored by fingerd .

Eric also suggested the same thing
"Actually the problem is that 'fingerd' is far more critical than other
programs about the contents of the passwd database. Everything may work
perfectly, except for finger, and that is caused by the fact that
fingerd starts reading the passwd database until it finds the entry it is
looking for, but immediately stops when one record in the database doesn't
have the exact format fingerd expects it to have."

Q.) In nis environment which  file will finger refer to for "In real Life"
information ?
A.) It will refer to password map and not to a file.

Q)How does "ypcat -k passwd " sort its output ?
CASPER DIK SAYS:- ypserv stores the files in a database; it returns them
with ypcat in the order in which the database has hashed the keys.

ERIC SAYS:-   ypcat outputs the passwd database in a 'random' order, YP
maps are stored in a tree structure, and the ypcat just 'walks the tree'
and outputs every record along the way. When you add one record to the
passwd file and rebuild the passwd YP map, ypcat can (and generally will)
output the database in a very different order. What you *can* depend on is
that ypcat will output the passwd records in *exactly* the same sequence
that fingerd reads them!

I also got replies from

Andy wrote

I'm not sure I'm completely w/ you, but do you have tcp wrappers in place?
It offers a replacement for finger and a variety of ways of messing w/ it
that might let you do what you want ... not that I understood what that was
(my mistake as I missed your opening post).

While Neil suggested me to link my .plan to a large binary same thing was
also suggested to me by . Well I beleive some
smart users will still manage to finger .

Surender Dinkar

My original posting follows

> Unanimous answer was "you cannot do it" . Few suggested to disable
> fingerd . Well this was not something I was looking for. Thanks to the
> following gurus .
> I had asked this question as I was not able to do "finger one_of_myuser"
> . The output suggests as if there is no user with this ID, which is not
> true.  I thought he had done something to hide from finger command .
> Well I have confirmed from him and he hasn't done anything . Digging
> deeper I got to know there were few more user IDs which I cannot
> "finger" . The only thing common between these IDs is if I do "ypcat -k
> passwd|grep ^x" (Replace x with any of the alphabets) , these
> non-fingerable IDs will be last 4 or 5 in the list . Is my password file
> corrupt ? .Can somebody shed some light on this?
> In nis environment which  file will finger refer to for "In real Life"
> information ?
> How does "ypcat -k passwd " sort its output ? It is not as it appears in
> passwd database ,not alphabetical, and not by uid .
> Thanks
> Surender
> Original posting
> > Hello everybody
> >
> > How can I stop somebody seeing my information when they do "finger
> > my_login_id"  ? I am not administrator so I cant disable the service
> > itself . I will summarize.
> >
> > thanks
> > Surender
> > _______________________________________________
> > sunmanagers mailing list
> >
> >
> _______________________________________________
> sunmanagers mailing list
sunmanagers mailing list
Received on Tue Mar 12 02:25:41 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:36 EST