253 lines
6.5 KiB
Groff
253 lines
6.5 KiB
Groff
.\" $NetBSD: tftpd.8,v 1.30 2015/05/05 08:08:33 wiz Exp $
|
|
.\"
|
|
.\" Copyright (c) 1983, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" from: @(#)tftpd.8 8.1 (Berkeley) 6/4/93
|
|
.\"
|
|
.Dd May 5, 2015
|
|
.Dt TFTPD 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm tftpd
|
|
.Nd
|
|
.Tn DARPA
|
|
Internet Trivial File Transfer Protocol server
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl bcdln
|
|
.Op Fl g Ar group
|
|
.Op Fl p Ar pathsep
|
|
.Op Fl s Ar directory
|
|
.Op Fl u Ar user
|
|
.Op Ar directory ...
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is a server which supports the
|
|
.Tn DARPA
|
|
Trivial File Transfer Protocol.
|
|
The
|
|
.Tn TFTP
|
|
server operates at the port indicated in the
|
|
.Ql tftp
|
|
service description; see
|
|
.Xr services 5 .
|
|
The server is normally started by
|
|
.Xr inetd 8 .
|
|
.Pp
|
|
The use of
|
|
.Xr tftp 1
|
|
does not require an account or password on the remote system.
|
|
Due to the lack of authentication information,
|
|
.Nm
|
|
will allow only publicly readable files to be accessed.
|
|
Filenames beginning in
|
|
.Dq Pa ../
|
|
or containing
|
|
.Dq Pa /../
|
|
are not allowed.
|
|
Unless
|
|
.Fl c
|
|
is used,
|
|
files may be written to only if they already exist and are publicly writable.
|
|
.Pp
|
|
Note that this extends the concept of
|
|
.Qq public
|
|
to include
|
|
all users on all hosts that can be reached through the network;
|
|
this may not be appropriate on all systems, and its implications
|
|
should be considered before enabling tftp service.
|
|
The server should have the user ID with the lowest possible privilege.
|
|
.Pp
|
|
Access to files may be restricted by invoking
|
|
.Nm
|
|
with a list of directories by including up to 20 pathnames
|
|
as server program arguments in
|
|
.Pa /etc/inetd.conf .
|
|
In this case access is restricted to files whose
|
|
names are prefixed by the one of the given directories.
|
|
The given directories are also treated as a search path for
|
|
relative filename requests.
|
|
.Pp
|
|
The options are:
|
|
.Bl -tag -width "XsXdirectoryX"
|
|
.It Fl b
|
|
Allow clients which return acknowledgements to the broadcast address to
|
|
communicate with the tftp server.
|
|
Some tftp clients, notably ones resident in the ROMs of older Cisco
|
|
equipment, return their acknowledgements to the broadcast address rather
|
|
than the server's unicast address.
|
|
.It Fl c
|
|
Allow unrestricted creation of new files.
|
|
Without this flag, only existing publicly writable files can be overwritten.
|
|
.It Fl d
|
|
Enable verbose debugging messages to
|
|
.Xr syslogd 8 .
|
|
.It Fl g Ar group
|
|
Change gid to that of
|
|
.Ar group
|
|
on startup.
|
|
If this isn't specified, the gid is set to that of the
|
|
.Ar user
|
|
specified with
|
|
.Fl u .
|
|
.It Fl l
|
|
Logs all requests using
|
|
.Xr syslog 3 .
|
|
.It Fl n
|
|
Suppresses negative acknowledgement of requests for nonexistent
|
|
relative filenames.
|
|
.It Fl p Ar pathsep
|
|
All occurances of the single character
|
|
.Ar pathsep
|
|
(path separator) in the requested filename are replaced with
|
|
.Sq / .
|
|
.It Fl s Ar directory
|
|
.Nm
|
|
will
|
|
.Xr chroot 2
|
|
to
|
|
.Ar directory
|
|
on startup.
|
|
This is recommended for security reasons (so that files other than
|
|
those in the
|
|
.Pa /tftpboot
|
|
directory aren't accessible).
|
|
If the remote host passes the directory name as part of the
|
|
file name to transfer, you may have to create a symbolic link
|
|
from
|
|
.Sq tftpboot
|
|
to
|
|
.Sq \&.
|
|
under
|
|
.Pa /tftpboot .
|
|
.It Fl u Ar user
|
|
Change uid to that of
|
|
.Ar user
|
|
on startup.
|
|
If
|
|
.Fl u
|
|
isn't given,
|
|
.Ar user
|
|
defaults to
|
|
.Dq nobody .
|
|
If
|
|
.Fl g
|
|
isn't also given, change the gid to that of
|
|
.Ar user
|
|
as well.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr tftp 1 ,
|
|
.Xr inetd 8
|
|
.Rs
|
|
.%R RFC
|
|
.%N 1350
|
|
.%D July 1992
|
|
.%T "The TFTP Protocol (Revision 2)"
|
|
.Re
|
|
.Rs
|
|
.%R RFC
|
|
.%N 2347
|
|
.%D May 1998
|
|
.%T "TFTP Option Extension"
|
|
.Re
|
|
.Rs
|
|
.%R RFC
|
|
.%N 2348
|
|
.%D May 1998
|
|
.%T "TFTP Blocksize Option"
|
|
.Re
|
|
.Rs
|
|
.%R RFC
|
|
.%N 2349
|
|
.%D May 1998
|
|
.%T "TFTP Timeout Interval and Transfer Size Options"
|
|
.Re
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in
|
|
.Bx 4.2 .
|
|
.Pp
|
|
The
|
|
.Fl s
|
|
flag appeared in
|
|
.Nx 1.0 .
|
|
.Pp
|
|
The
|
|
.Fl g
|
|
and
|
|
.Fl u
|
|
flags appeared in
|
|
.Nx 1.4 .
|
|
.Pp
|
|
IPv6 support was implemented by WIDE/KAME project in 1999.
|
|
.Pp
|
|
TFTP options were implemented by Wasabi Systems, Inc., in 2003,
|
|
and first appeared in
|
|
.Nx 2.0 .
|
|
.Sh BUGS
|
|
Files larger than 33,553,919 octets (65535 blocks, last one less than 512
|
|
octets) cannot be correctly transferred without client and server
|
|
supporting blocksize negotiation (RFCs 2347 and 2348).
|
|
As a kludge,
|
|
.Nm
|
|
accepts a sequence of block numbers which wrap to zero after 65535.
|
|
.Pp
|
|
Many tftp clients will not transfer files over 16,776,703 octets
|
|
(32767 blocks), as they incorrectly count the block number using
|
|
a signed rather than unsigned 16-bit integer.
|
|
.Sh SECURITY CONSIDERATIONS
|
|
You are
|
|
.Em strongly
|
|
advised to set up
|
|
.Nm
|
|
using the
|
|
.Fl s
|
|
flag in conjunction with the name of the directory that
|
|
contains the files that
|
|
.Nm
|
|
will serve to remote hosts (e.g.,
|
|
.Pa /tftpboot ) .
|
|
This ensures that only the files that should be served
|
|
to remote hosts can be accessed by them.
|
|
.Pp
|
|
Because there is no user-login or validation within
|
|
the
|
|
.Tn TFTP
|
|
protocol, the remote site will probably have some
|
|
sort of file-access restrictions in place.
|
|
The exact methods are specific to each site and therefore
|
|
difficult to document here.
|
|
.Pp
|
|
If unrestricted file upload is enabled via the
|
|
.Fl c
|
|
option, care should be taken that this can be used
|
|
to fill up disk space in an uncontrolled manner
|
|
if this is used in an insecure environment.
|