From owner-freebsd-hackers  Wed Feb 10 07:47:17 1999
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA13691
          for freebsd-hackers-outgoing; Wed, 10 Feb 1999 07:47:17 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.240.222])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA13686
          for <hackers@freebsd.org>; Wed, 10 Feb 1999 07:47:15 -0800 (PST)
          (envelope-from mph@wopr.caltech.edu)
Received: (from mph@localhost)
	by wopr.caltech.edu (8.9.2/8.9.1) id HAA10217;
	Wed, 10 Feb 1999 07:46:59 -0800 (PST)
	(envelope-from mph)
Date: Wed, 10 Feb 1999 07:46:58 -0800
From: Matthew Hunt <mph@pobox.com>
To: phoenix@calldei.com
Cc: GReg Sutter <gsutter@pobox.com>, Greg Lehey <grog@lemis.com>,
        hackers@FreeBSD.ORG
Subject: Re: Proposal: Ignore .nofinger for root
Message-ID: <19990210074658.A10003@wopr.caltech.edu>
References: <19990209200259.A98301@wopr.caltech.edu> <19990210082606.B58482@holly.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <19990210082606.B58482@holly.dyndns.org>; from Chris Costello on Wed, Feb 10, 1999 at 08:26:06AM -0600
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Feb 10, 1999 at 08:26:06AM -0600, Chris Costello wrote:

>    Yes.  Why?

Well, I thought the rationale was trivial:  To provide accurate
information to the superuser.

On further reflection, though, that the patch is poor design,
although the argument is more subtle than your argument of "why?"
or Greg Lehey's argument that using finger on a local system
is somehow perverse.

I thought a good argument for the patch goes something like this:
The superuser has access to all of the information provided by
finger on a local system anyhow, so allowing ~/.nofinger only serves
to mislead him or make it less convenient for him to get to the
information he wants.

However, that statement is true for all local users, not just the
superuser.  Any user on the system who wanted to get around the
"protection" of ~/.nofinger could just build a new "finger" with
the hide() check removed.

The conclusion, therefore, is that if a change were to be made, it
should be that finger(1) ignores ~/.nofinger for all local users.
The effects of such a change are more far-reaching than I feel
appropriate, so I withdraw the proposal.

I suppose that root has to use a mixture of w and something like
chpass or pw if he wants accurate information.  Something still
doesn't seem right to me about finger lying to the superuser by
saying that a real user doesn't even exist...

-- 
Matthew Hunt <mph@pobox.com> * Science rules.
http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message