Introduction
In Linux system management, knowing who is connected and what information each account has is essential for audit, clearance and permit management. The commandfingeroffers a fast and legible way to obtain data such as the full name, terminal, inactivity time and personal plan of each user. Although more advanced tools are in place today, finger remains useful in environments where an immediate and simple view of the status of users is required.
What's fake?
Finger is a network utility originating from the first Unix systems that allows you to consult information from both local and remote users. Its operation is based on the Finger protocol (RFC 742), which it listens to in port 79 and responds with data stored in files such as.planand.projectthe home directory of the user. The output includes login, real name, home directory, shell, connection time and, if available, file content.plan.
Installation
In many modern distributions, finger is not installed by default due to safety concerns. To add it, simply use the corresponding package manager. In Debian or Ubuntu:sudo apt-get update && sudo apt-get install finger. In Fedora:sudo dnf install finger. In Arch Linux:sudo pacman -S finger. After installation, the command will be available immediately from any terminal.
Basic syntax
The simplest format isfinger [opciones] [usuario]. If no user is specified, finger shows information from all users connected to the system. Some useful options are:-sfor a short format,-lfor a long format (default value),-pto avoid showing the content of.planand.projectand-mto avoid partial user name matches. Example:finger -s juanshows only login, name, terminal and inactivity time.
Examples of use
- See all active users:
finger - Get detailed information from a specific user:
finger -l marta - List users with short format:
finger -s - Check a user's information on a remote machine (if the finger service is enabled):
finger @servidor.example.com - Show only a user's plan without other data:
finger -p lola - Combine options to exclude plans and display long format:
finger -l -p carlos
Interpretation of the exit
The typical finger output includes several columns: Login, Name, Tty, Idle, Login Time, Office, Office Phone and, when available, the content of the file.plan. The fieldIdleindicates how long the user has been without activity; an old value can point to an abandoned session. The fieldLogin Timeshows the date and time of the session. If the user has a file.project, its content may appear after the plan, depending on the implementation.
Limitations and alternatives
Although finger is comfortable, it presents security risks because it reveals information that could be exploited by attackers (e.g. full names, connection times and personal plans). For this reason, many systems deactivate the finger service at port 79 or restrict its use to local consultation. Safer alternatives includew, who, lastand monitoring tools such ashtoporglances. For detailed audits, it is recommended to review the/var/log/auth.logor useauditd.
Conclusion
The commandfingerremains a valuable tool for quickly obtaining information from users in Linux systems, especially in trusted environments where transparency does not represent a risk. Knowing your syntax, options and how to interpret your output allows administrators to perform quick session checks and detect possible anomalies. However, it is essential to assess the risks of data exposure and, where necessary, use safer alternatives or disable the remote service.
