Info Node: (inetutils.info)tftpd invocation
21 'tftpd': TFTP server
***********************
'tftpd' is intended to be invoked via 'inetd' at all times.
Synopsis:

     tftpd [OPTIONS] [DIRECTORY ...]

'-g GROUP'
'--group=GROUP'
     Specify group membership of the process owner.  This is used only
     along with the option '-s', and replaces the group membership that
     comes from the process owner himself.

'-l'
'--logging'
     Enable logging.

'-n'
'--nonexistent'
     Suppress negative acknowledgement of requests for nonexistent
     relative filenames.

'-s DIR'
'--secure-dir=DIR'
     Let the serving process change its root directory to DIR before
     attending to any requests.  This directory is not observable by any
     client, but improves server isolation, since servable contents must
     be located below this chrooted directory DIR.

'-u USER'
'--user=USER'
     Specify the process owner for serving requests.  Only relevant
     along with the option '-s'.  The default name is 'nobody'.

21.1 Directory prefixes
=======================
In addition to options, an invocation of 'tftpd' can specify an optional
list of directory prefixes.  These are approved of according to two
principles:

   * Relative pathnames are ignored.

   * At most twenty prefixes are approved, the rest is discarded.

A request for a file is decided upon as a consequence of evaluating
these criteria:

   * Every file request containing the substring '/../' is denied, as is
     a file name beginning with '../'.

   * Write requests must specify absolute locations.

   * A file request, if specified as an _absolute_ pathname, must begin
     with one of the approved directory prefixes, should at least one
     such prefix have been accepted.

   * In the absence of a prefix collection, any absolute pathname is
     accepted, should the corresponding file exist.

   * A file request, if specified as a _relative_ name, will only be
     searched for below the acceptable prefixes, should at least one
     such prefix have been approved.

   * A request for a relatively named file is denied in the absence of
     approved directory prefixes.

   * The resulting file must be world readable, or world writable, for a
     read request, or a write request, to succeed.

21.2 Use cases
==============
The standard use case is an entry in '/etc/inetd.conf' like

     tftp dgram udp4 wait root /usr/sbin/tftpd \
          tftpd /tftpboot /altboot

This would allow the TFTP client to use any of

     get kernel
     get /tftpboot/kernel
     get kernel.alt
     get /altboot/kernel.alt
     get /etc/motd

given that '/tftpboot/kernel' and '/altboot/kernel.alt' exist.  Observe
that also '/etc/motd' is accessible, in spite of there being no explicit
mention of standard file locations.

A stronger mode of running a TFTP server is to use the 'secure mode',
meaning that the serving process is running in a chrooted mode.  Then a
suitable configuration could be

     tftp dgram udp4 wait root /usr/sbin/tftpd \
          tftpd --secure-dir=/srv/tftp-root /tftpboot /altboot

Supposing that the files '/srv/tftp-root/tftpboot/kernel' and
'/srv/tftp-root/altboot/kernel.alt' were available, all the previously
suggested client requests for a kernel would still be granted, but now
any request for '/etc/motd' would be declined, and would get a reply
'File not found' back.

The chrooted setting denies access outside of '/srv/tftp-root', yet
does not indicate this lock-in to the client, and thus improves server
isolation.  Since neither '-u' nor '-g' was specified, the configuration
reproduced above will in fact have the transmitting server process
running with the default owner set to 'nobody:nogroup'.
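
The difference between the two configurations above can be checked mechanically. The following Python sketch is an added example, not part of the inetutils documentation or code; it lints 'inetd.conf' text for 'tftpd' entries using only the option and prefix rules stated on this page. The function names, the finding texts and the third sample entry are assumptions made for illustration.

```python
import shlex
MAX_PREFIXES = 20  # from the page: "At most twenty prefixes are approved"
VALUE_OPTS = {"-g": "group", "--group": "group", "-u": "user", "--user": "user",
              "-s": "secure_dir", "--secure-dir": "secure_dir"}

def parse_tftpd_args(args):
    """Split the arguments after argv[0] into options and directory prefixes."""
    # Only the option spellings listed on the page are recognised.
    opts, prefixes = {}, []
    it = iter(args)
    for arg in it:
        name, eq, value = arg.partition("=")
        if eq and name.startswith("--") and name in VALUE_OPTS:
            opts[VALUE_OPTS[name]] = value          # --secure-dir=DIR form
        elif arg in VALUE_OPTS:
            opts[VALUE_OPTS[arg]] = next(it, "")    # -s DIR form
        elif not arg.startswith("-"):
            prefixes.append(arg)                    # directory prefix
    return opts, prefixes

def lint_inetd_conf(text):
    """Return one list of findings per tftpd entry found in inetd.conf text."""
    report = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = shlex.split(line, comments=True)
        if len(fields) < 7 or fields[5].rsplit("/", 1)[-1] != "tftpd":
            continue
        opts, prefixes = parse_tftpd_args(fields[7:])     # fields[6] is argv[0]
        absolute = [p for p in prefixes if p.startswith("/")]
        findings = []
        if "secure_dir" not in opts:
            findings.append("no --secure-dir: server is not chrooted")
            if "user" in opts or "group" in opts:
                findings.append("-u/-g are only used along with -s")
        if not absolute:
            findings.append("no approved prefix: any existing absolute path is accepted")
        findings += [f"relative prefix {p!r} is ignored" for p in prefixes if p not in absolute]
        if len(absolute) > MAX_PREFIXES:
            findings.append("more than twenty prefixes: the rest is discarded")
        report.append(findings)
    return report

# Constructed sample: the two entries from the page plus one hypothetical entry.
SAMPLE = r"""
tftp dgram udp4 wait root /usr/sbin/tftpd \
    tftpd /tftpboot /altboot
tftp dgram udp4 wait root /usr/sbin/tftpd \
    tftpd --secure-dir=/srv/tftp-root /tftpboot /altboot
tftp dgram udp4 wait root /usr/sbin/tftpd tftpd -u tftp boot
"""
```

Calling 'lint_inetd_conf(SAMPLE)' returns one list per entry; an empty list means none of the checks above fired for that entry.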