finger

Display information about currently logged in users

$ finger

$ finger [username]

$ finger -s

$ finger -l

$ finger -m

finger [-lmsp] [user] [user@host] [... | @host]

-s
    Short format output. Displays login name, real name, terminal name, idle time, login time, and host name. This is the default when multiple users are specified or when querying a remote host.

-l
    Long format output. Displays all available information, including home directory, shell, and the contents of .plan and .project files. This is the default when only one local user is specified.

-p
    Prevents the display of the .plan and .project files. Useful for privacy or if you don't wish to expose these files.

-m
    Prevents matching of user names; matches only the specified user exactly. For example, finger -m root will only show information for 'root' and not 'root_user' or other users whose names contain 'root'.

user
    Specifies the login name of the user whose information is requested on the local system.

user@host
    Specifies a user on a remote host to query. The command will attempt to connect to the finger daemon on the specified host.

@host
    Queries the remote host for information about all users currently logged in. This option is less common and might not be supported by all finger daemons.

The finger command provides details about users logged onto a system, or, when querying a remote host, about users on that remote system. It displays information such as the user's login name, real name, terminal line, login time, idle time, and the contents of their .plan and .project files located in their home directory. Historically, it was widely used in academic and research networks to find contact information for individuals.

While its usage has declined due to security concerns and the rise of other communication methods, it remains a utility for local system introspection or in controlled environments. When used with a remote host, it attempts to connect to the finger service (TCP port 79) on that host.

Security Concerns: The finger protocol inherently leaks information about users on a system (e.g., login times, real names), which can be exploited by attackers for reconnaissance. This is a primary reason for its declining usage and why it is often disabled on public-facing servers.

Privacy Concerns: The information exposed by finger (like login times, idle times, and .plan contents) can raise privacy issues for individuals.

Dependence on fingerd: To query remote hosts, the target host must be running a finger daemon (e.g., fingerd or in.fingerd), which is frequently disabled by default on modern systems for security reasons.

finger displays the content of these plain text files (if they exist) from the user's home directory. The .plan file is often used for personal status updates, 'project plans', or general information about the user. The .project file is typically used for details about the user's current project or activity.

The finger protocol typically operates over TCP port 79. When querying a remote host, the finger client attempts to establish a connection to this port on the target machine.

The finger command originated in the early days of ARPANET/Internet, developed by Les Earnest at Stanford University in 1971. It became a standard utility for displaying user information across networked systems. Its purpose was to facilitate communication by allowing users to easily find contact details and status of others. The finger protocol (RFC 1288) was formally defined to standardize this information exchange. Its peak usage was in the 1980s and early 1990s in university and research networks. However, with the rise of widespread internet usage and increasing security threats, the command and its associated daemon (fingerd) largely fell out of favor due to the information leakage it facilitated.

w(1), who(1), users(1), id(1), passwd(5)