finger

Display information about currently logged in users

$ finger

$ finger [username]

$ finger -s

$ finger -l

$ finger -m

finger [options] [user ...]

-a
    List all users, including those who are currently idle.

-b
    Omit the user's home directory and shell in the long format output.

-f
    Suppresses the display of the header line.

-h
    Print help message.

-i
    Idle time format, displays idle time in minutes instead of hours and minutes

-l
    Force long format output (the default if no options are specified).

-m
    Match arguments only on user names, not first and last names. Normally, finger will attempt to match arguments against first and last names as well as account names.

-p
    Suppresses the display of the user's .plan file.

-q
    Quick format: displays the user's login name, full name, terminal, and idle time.

-s
    Short format: displays the user's login name, terminal, idle time, and login time.

-w
    Omit the user's full name in the long format output.

[user ...]
    One or more user names to display information about. If no user is specified, finger will display information about all logged-in users.

The finger command is a user information lookup utility. It displays information about system users, including their login name, real name, terminal name and write status, idle time, login time, and office location and phone number. It gathers this information from various system databases and files, such as /etc/passwd, /var/log/wtmp, and user's .plan and .project files. The output format can vary depending on the options used and the information available for each user.

While useful, finger can expose potentially sensitive user information. Its use is often restricted or disabled on modern systems due to security concerns, particularly in networked environments where it could be exploited to gather reconnaissance data. Alternatives like `id`, `who`, or specific LDAP queries are often preferred for retrieving user information with greater control over the exposed details. The default display is intended to be human-readable, but its format is not standardized and can vary between implementations.

The information displayed by finger depends on the configuration of the system and the user's settings. It may not always be accurate or complete. Also, due to security implications, finger might be disabled on many systems.

Historically, users could create files named `.plan` and `.project` in their home directories to provide additional information that would be displayed by finger. The `.plan` file was typically used for personal information, while `.project` was used to describe the user's current work project. The `-p` option prevents finger from displaying the contents of `.plan`.

Exposing user information can be a security risk. Attackers could potentially use finger to gather information about usernames, login times, and system activity to aid in social engineering or password guessing attacks. Because of these risks, finger is often disabled or firewalled, especially in networked environments. Newer systems often rely on more secure methods for user information retrieval.

The finger command originated in BSD Unix. It was designed to provide a simple way to find information about users on a system. Its usage has declined due to security concerns, but it remains present on some systems. The command attempts to read information from `/etc/passwd`, `/var/run/utmp`, and the user's `.plan` and `.project` files in their home directory to present a unified view of user data.

who(1), w(1), id(1)