NAME
tftpd — trivial file transfer protocol server
SYNOPSIS
/usr/lbin/tftpd [-l] [-R retran-seconds] [-r blksize|timeout|tsize] [-s] [-T total-seconds] [-L port] [-U port] [path ...]
DESCRIPTION
tftpd is a server that supports the Internet Trivial File Transfer Protocol (RFC783).
The TFTP server operates at the port indicated in the tftp service description (see services(4)).
The server is normally started by inetd using the /etc/inetd.conf file (see inetd(1M) and inetd.conf(4)).
Options
tftpd supports the following options:
- -l
This option writes the debugging information into the syslog file.
- -R
This option specifies the per-packet retransmission timeout, in seconds. The default value is 5 seconds.
- -r blksize|timeout|tsize
This option disables the client side options: blksize (blocksize), timeout (retransmission timeout), and tsize (transfer file size) individually. By default, these options are enabled. For example, to disable timeout negotiation between a client and the server, start the server with the following command:
tftpd -r timeout
- -s
This option enables tftpd to work in the Service Guard environment. This option is required for some tftp clients. These clients reject the tftp reply received from a different IP address than the one requested when the server's interface is configured with an alias IP address.
- -T
This option specifies the total retransmission timeout, in seconds. The default value is 25 seconds.
- -L port
This option specifies the lower limit of the port range for data transfer.
- -U port
This option specifies the upper limit of the port range for data transfer.
NOTE: The NDD tunables should be considered before defining the -L and -U options. If the -L option is defined without using the -U option, the upper limit is set to 65535. If the -U option is defined without using the -L option, the lower limit is set to 1024.
The path parameter has the following effects:
tftpd operates in either of two modes or their combination. The first mode requires a defined home directory for the pseudo-user tftp, and looks for files relative to that path. The second mode requires one or more paths be specified on the command line, and allows access only to files whose paths match or begin with one of the command line specifications. The first mode is backward-compatible with previous releases of HP-UX and supports somewhat tighter security. The second mode is compatible with other vendors' implementations of tftpd and allows greater flexibility in accessing files.
If no path is specified on the command line, tftpd requires an entry in the /etc/passwd database (see passwd(4)) for an account (pseudo-user) named tftp. The password field should be *, the group membership should be guest, and the login shell should be /usr/bin/false. For example (assuming the guest group ID is 101):
tftp:*:510:101:tftp server:/home/tftpdir:/usr/bin/false
tftpd uses a call to chroot() to change its root directory to be the same as the home directory of the pseudo-user tftp. This restricts access by tftp clients to only those files found below the tftp home directory (see chroot(2)). Furthermore, tftp clients can only read files in that directory if they are readable by the pseudo-user tftp, and tftp clients can only write files in that directory if they exist and are writable by the pseudo-user tftp.
If any path is specified on the command line, tftpd does not require that a pseudo-user named tftp exist in /etc/passwd. The specified paths control access to files by tftp clients.
Each path is treated as being relative to / (not the tftp home directory), and can be either a directory or a file. tftpd disallows a client access to any file that does not match entirely or in its initial components one of the restriction paths. It also disallows access to any file path containing "..". However, an accessed file can be a symbolic link that points outside the set of restricted paths.
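
The symbolic-link caveat above can be checked from the administrator's side. The following Python code is an added example, not part of this manual page or of tftpd itself: name_check is a hypothetical model of the documented rule (assuming the prefix match is done per path component), escaping_symlinks lists links under the restriction paths that resolve outside them, and the sample tree is constructed.

```python
import os
import tempfile

def name_check(request, restrictions):
    """Hypothetical model of the documented rule: reject any path containing
    "..", then require a match with a restriction path, whole or as a prefix."""
    if ".." in request:
        return False
    req = [c for c in request.split("/") if c]
    return any(req[:len(rc)] == rc for rc in
               ([c for c in r.split("/") if c] for r in restrictions))

def escaping_symlinks(restrictions):
    """Return sorted (link, resolved_target) pairs for every symlink at or
    below a restriction path that resolves outside all restriction paths."""
    roots = [os.path.realpath(r).rstrip(os.sep) + os.sep for r in restrictions]
    found = []
    for r in restrictions:
        paths = [r]
        for d, dirs, files in os.walk(r):  # linked directories are listed, not entered
            paths += [os.path.join(d, n) for n in dirs + files]
        for p in paths:
            if os.path.islink(p):
                t = os.path.realpath(p)
                if not any((t + os.sep).startswith(x) for x in roots):
                    found.append((p, t))
    return sorted(found)

def build_sample_tree():
    """Constructed sample: an allowed directory with one regular file and
    one symlink whose target lies outside the allowed directory."""
    top = os.path.realpath(tempfile.mkdtemp())
    allowed = os.path.join(top, "tftpboot")
    secret = os.path.join(top, "private", "config")
    os.makedirs(allowed)
    os.makedirs(os.path.dirname(secret))
    open(os.path.join(allowed, "boot.img"), "w").close()
    open(secret, "w").close()
    link = os.path.join(allowed, "leak")
    os.symlink(secret, link)
    return allowed, link, secret

if __name__ == "__main__":
    allowed, link, secret = build_sample_tree()
    print("name check accepts link:", name_check(link, [allowed]))
    for l, t in escaping_symlinks([allowed]):
        print("symlink leaves restriction paths:", l, "->", t)
```

Run escaping_symlinks against the same path arguments that are passed to tftpd in /etc/inetd.conf; any pair it returns is a file that passes the name-based check but is read from outside the restricted set.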
If any path is specified on the command line and the tftp home directory is defined and is not /, tftpd first looks for a file relative to (under) the home directory. If the file is not found there, then tftpd looks for the file relative to / with path restrictions applied. Thus if two files with the same name can be found in both locations, tftpd accesses the one under tftp's home directory.
Note that inetd allows continuation of command lines in inetd.conf by ending continued lines with a backslash.
Defining the tftp pseudo-user is strongly recommended even when paths are specified, because client access is further restricted to files that can be read and/or written by this pseudo-user. It is safe to set the tftp pseudo-user's home directory to / in this case.
DIAGNOSTICS
The following diagnostics are logged to the syslogd facility at the err log level (see syslogd(1M)).
- No security mechanism exists
The pseudo-user tftp was not found in the password database (/etc/passwd), and tftpd was invoked without any path arguments. Add or correct the entry for the pseudo-user tftp in the password database /etc/passwd. Or, add an access list (path arguments) to the tftpd arguments in the inetd configuration file /etc/inetd.conf. Reconfigure inetd with the command inetd -c.
- Unknown option option ignored
An invalid option was specified in the tftpd arguments in the inetd configuration file /etc/inetd.conf. Remove or correct the option. Restart inetd with the command inetd -c.
- Invalid total timeout value
The value given for the -T option was not a number or was a negative number. Correct the value given for the -T option. Reconfigure inetd with the command inetd -c.
- Invalid retransmission timeout value
The value given for the -R option was not a number or was a negative number. Correct the value given for the -R option. Reconfigure inetd with the command inetd -c.
- system call:
The named system call failed. See the corresponding manual entry for a description of the system call. The reason for the failure is explained in the error message appended to the system call.
WARNINGS
When invoked with no path arguments, tftpd cannot follow symbolic links that refer to paths outside of the home directory of the pseudo-user tftp, because it performs a chroot().
AUTHOR
tftpd was developed by the University of California, Berkeley, and Hewlett-Packard.
STANDARDS CONFORMANCE
tftpd: RFC783, RFC2347, RFC2348, RFC2349.