90c3bfc9b0
added note to tftpd.8 that this bug hits multiple tftp clients.
201 lines
5.4 KiB
Groff
201 lines
5.4 KiB
Groff
.\" $NetBSD: tftpd.8,v 1.13 2000/10/18 01:35:45 dogcow Exp $
|
|
.\"
|
|
.\" Copyright (c) 1983, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" from: @(#)tftpd.8 8.1 (Berkeley) 6/4/93
|
|
.\"
|
|
.Dd July 29, 1998
|
|
.Dt TFTPD 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm tftpd
|
|
.Nd
|
|
.Tn DARPA
|
|
Internet Trivial File Transfer Protocol server
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl g Ar group
|
|
.Op Fl l
|
|
.Op Fl n
|
|
.Op Fl s Ar directory
|
|
.Op Fl u Ar user
|
|
.Op Ar directory ...
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is a server which supports the
|
|
.Tn DARPA
|
|
Trivial File Transfer Protocol.
|
|
The
|
|
.Tn TFTP
|
|
server operates at the port indicated in the
|
|
.Ql tftp
|
|
service description; see
|
|
.Xr services 5 .
|
|
The server is normally started by
|
|
.Xr inetd 8 .
|
|
.Pp
|
|
The use of
|
|
.Xr tftp 1
|
|
does not require an account or password on the remote system.
|
|
Due to the lack of authentication information,
|
|
.Nm
|
|
will allow only publicly readable files to be accessed.
|
|
Filenames beginning in ``\|\fB.\|.\fP\|/'' or
|
|
containing ``/\|\fB.\|.\fP\|/'' are not allowed.
|
|
Files may be written to only if they already exist and are publicly writable.
|
|
.Pp
|
|
Note that this extends the concept of
|
|
.Qq public
|
|
to include
|
|
all users on all hosts that can be reached through the network;
|
|
this may not be appropriate on all systems, and its implications
|
|
should be considered before enabling tftp service.
|
|
The server should have the user ID with the lowest possible privilege.
|
|
.Pp
|
|
Access to files may be restricted by invoking
|
|
.Nm
|
|
with a list of directories by including up to 20 pathnames
|
|
as server program arguments in
|
|
.Pa /etc/inetd.conf .
|
|
In this case access is restricted to files whose
|
|
names are prefixed by the one of the given directories.
|
|
The given directories are also treated as a search path for
|
|
relative filename requests.
|
|
.Pp
|
|
The options are:
|
|
.Bl -tag -width "directory"
|
|
.It Fl g Ar group
|
|
Change gid to that of
|
|
.Ar group
|
|
on startup.
|
|
If this isn't specified, the gid is set to that of the
|
|
.Ar user
|
|
specified with
|
|
.Fl u .
|
|
.It Fl l
|
|
Logs all requests using
|
|
.Xr syslog 3 .
|
|
.It Fl n
|
|
Suppresses negative acknowledgement of requests for nonexistent
|
|
relative filenames.
|
|
.It Fl s Ar directory
|
|
.Nm
|
|
will
|
|
.Xr chroot 2
|
|
to
|
|
.Ar directory
|
|
on startup.
|
|
This is recommended for security reasons (so that files other than
|
|
those in the
|
|
.Pa /tftpboot
|
|
directory aren't accessable).
|
|
If the remote host passes the directory name as part of the
|
|
file name to transfer, you may have to create a symbolic link
|
|
from
|
|
.Sq tftpboot
|
|
to
|
|
.Sq \&.
|
|
under
|
|
.Pa /tftpboot .
|
|
.It Fl u Ar user
|
|
Change uid to that of
|
|
.Ar user
|
|
on startup.
|
|
If
|
|
.Fl u
|
|
isn't given,
|
|
.Ar user
|
|
defaults to
|
|
.Dq nobody .
|
|
If
|
|
.Fl g
|
|
isn't also given, change the gid to that of
|
|
.Ar user
|
|
as well.
|
|
.El
|
|
.Pp
|
|
.Sh SEE ALSO
|
|
.Xr tftp 1 ,
|
|
.Xr inetd 8
|
|
.Rs
|
|
.%R RFC
|
|
.%N 1350
|
|
.%D July 1992
|
|
.%T "The TFTP Protocol (Revision 2)"
|
|
.Re
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in
|
|
.Bx 4.2 .
|
|
.Pp
|
|
The
|
|
.Fl s
|
|
flag appeared in
|
|
.Nx 1.0 .
|
|
.Pp
|
|
The
|
|
.Fl g
|
|
and
|
|
.Fl u
|
|
flags appeared in
|
|
.Nx 1.4 .
|
|
.Pp
|
|
IPv6 support was implemented by WIDE/KAME project in 1999.
|
|
.Sh BUGS
|
|
Files larger than 33488896 octets (65535 blocks) cannot be transferred
|
|
without client and server supporting blocksize negotiation (RFC1783).
|
|
.Pp
|
|
Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
|
|
.Sh SECURITY CONSIDERATIONS
|
|
You are
|
|
.Em strongly
|
|
advised to setup
|
|
.Nm
|
|
using the
|
|
.Fl s
|
|
flag in conjunction with the name of the directory that
|
|
contains the files that
|
|
.Nm
|
|
will serve to remote hosts (e.g.,
|
|
.Pa /tftpboot ) .
|
|
This ensures that only the files that should be served
|
|
to remote hosts can be accessed by them.
|
|
.Pp
|
|
Because there is no user-login or validation within
|
|
the
|
|
.Tn TFTP
|
|
protocol, the remote site will probably have some
|
|
sort of file-access restrictions in place.
|
|
The exact methods are specific to each site and therefore
|
|
difficult to document here.
|