RedHat 9 (Linux i386) - man page for in.tftpd (redhat section 8)

TFTPD(8)			     System Manager's Manual				 TFTPD(8)

NAME
       tftpd - IPv4 Trivial File Transfer Protocol server

SYNOPSIS
       in.tftpd [options...]  directory...

DESCRIPTION
       tftpd  is  a  server  for  the  IPv4 Trivial File Transfer Protocol.  The TFTP protocol is
       extensively used to support remote booting of diskless devices.	The  server  is  normally
       started by inetd, but can also run standalone.

OPTIONS
       -l     Run  the server in standalone (listen) mode, rather than run from inetd.	In listen
	      mode, the -t option is ignored, and the -a option can be used to specify a specific
	      local address or port to listen to.

       -a [address][:port]
	      Specify  a  specific  address and port to listen to when called with the -l option.
	      The default is to listen to the tftp port specified in /etc/services on  all  local
	      addresses.

       -c     Allow  new  files to be created.	By default, tftpd will only allow upload of files
	      that already exist.  Files are created with default permissions allowing anyone  to
	      read or write them, unless the -p or -U options are specified.

       -s     Change root directory on startup.  This means the remote host does not need to pass
	      along the directory as part of the transfer, and may  add  security.   When  -s  is
	      specified,  exactly one directory should be specified on the command line.  The use
	      of this option is recommended for security as well as compatibility with some  boot
	      ROMs which cannot be easily made to include a directory name in their requests.

       -u username
	      Specify  the  username  which tftpd will run as; the default is "nobody".  The user
	      ID, group ID, and (if possible on the platform) the supplementary group IDs will be
	      set to the ones specified in the system permission database for this username.

       -U umask
	      Sets the umask for newly created files to the specified value.  The default is zero
	      (anyone can read or write) if the -p option is not specified, or inherited from the
	      invoking process if -p is specified.

       -p     Perform  no  additional  permissions checks above the normal system-provided access
	      controls for the user specified via the -u option.

       -t timeout
	      When run from inetd this specifies how long, in seconds, to wait for a second  con-
	      nection  before  terminating  the  server.  inetd will then respawn the server when
	      another request comes in.  The default is 900 (15 minutes.)

       -T timeout
	      Determine the default timeout, in microseconds, before the first packet is retrans-
	      mitted.	This  can  be modified by the client if the timeout or utimeout option is
	      negotiated.  The default is 1000000 (1 second.)

       -m remap-file
	      Specify the use of filename remapping.  The remap-file is  a  file  containing  the
	      remapping rules.	See the section on filename remapping below.  This option may not
	      be compiled in, see the output of in.tftpd -V to verify whether or not it is avail-
	      able.

       -v     Increase the logging verbosity of tftpd.	This flag can be specified multiple times
	      for even higher verbosity.

       -r tftp-option
	      Indicate that a specific RFC 2347 TFTP option should never be accepted.

       -V     Print the version number and configuration to standard  output,  then  exit  grace-
	      fully.

RFC 2347 OPTION NEGOTIATION
       This  version of tftpd supports RFC 2347 option negotiation.  Currently implemented options
       are:

       blksize (RFC 2348)
	      Set the transfer block size to anything less than or equal to the specified option.
	      This  version  of tftpd can support any block size up to the theoretical maximum of
	      65464 bytes.

       blksize2 (nonstandard)
	      Set the transfer block size to anything less than or equal to the specified option,
	      but  restrict  the  possible  responses to powers of 2.  The maximum is 32768 bytes
	      (the largest power of 2 less than or equal to 65464.)

       tsize (RFC 2349)
	      Report the size of the file that is about to be transferred.  This version of tftpd
	      only supports the tsize option for binary (octet) mode transfers.

       timeout (RFC 2349)
	      Set the time before the server retransmits a packet, in seconds.

       utimeout (nonstandard)
	      Set the time before the server retransmits a packet, in microseconds.

       The  -r	option	can  be  used  to disable specific options; this may be necessary to work
       around bugs in specific TFTP client implementations.  For example, some TFTP clients  have
       been found to request the blksize option, but crash with an error if they actually get the
       option accepted by the server.

FILENAME REMAPPING
       The -m option specifies a file which contains filename remapping rules.	Each  non-comment
       line  (comments begin with hash marks, #) contains an operation, specified below; a regex,
       a regular expression in the style of egrep; and optionally  a  replacement  pattern.   The
       operation  indicated  by  operation  is	performed if the regex matches all or part of the
       filename.  Rules are processed from the top down, and by default, all rules are	processed
       even if there is a match.

       The operation can be any combination of the following letters:

       r      Replace the substring matched by regex by the replacement pattern.  The replacement
	      pattern may contain escape sequences; see below.

       g      Repeat this rule until it no longer matches.  This is always used with r.

       i      Match the regex case-insensitively.  By default it is case sensitive.

       e      If this rule matches, end rule processing after executing the rule.

       s      If this rule matches, start rule processing over from the  very  first  rule  after
	      executing this rule.

       a      If  this	rule  matches,	refuse the request and send an access denied error to the
	      client.

       G      This rule applies to GET (RRQ) requests only.

       P      This rule applies to PUT (WRQ) requests only.

       The following escape sequences are recognized as part of the replacement pattern:

       \0     The entire string matched by the regex.

       \1 to \9
	      The strings matched by each of the first nine parenthesized subexpressions, \(  ...
	      \), of the regex pattern.

       \i     The IP address of the requesting host, in dotted-quad notation (e.g. 192.0.2.169).

       \x     The IP address of the requesting host, in hexadecimal notation (e.g. C00002A9).

       \\     Literal backslash.

       \whitespace
	      Literal whitespace.

       \#     Literal hash mark.

       If the mapping file is changed, you need to send SIGHUP to any outstanding tftpd process.
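
The rules described above, combined into a small access-control remap file. This is an added example, not part of the original man page or of tftp-hpa; the incoming/ directory and the .key suffix are hypothetical, and it assumes whitespace-separated fields and clients that send paths relative to the -s directory.

```conf
# Constructed example rules for a server started with -s and -m.
# Each line: operation, regex, optional replacement pattern.

# Turn DOS-style backslashes into slashes before any other rule sees the name.
rg	\\	/

# Refuse any request whose name contains "..".
a	\.\.

# PUT requests under incoming/ are accepted as they are; stop rule processing.
eP	^incoming/

# Every other PUT request is refused.
aP	.

# GET requests for names ending in .key are refused, case-insensitively.
aGi	\.key$
```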

SECURITY
       The  use  of  TFTP  services does not require an account or password on the server system.
       Due to the lack of authentication information, tftpd will  allow  only  publicly  readable
       files  (o+r) to be accessed, unless the -p option is specified.	Files may be written only
       if they already exist and are publicly writable, unless the -c option is specified.   Note
       that  this extends the concept of ``public'' to include all users on all hosts that can be
       reached through the network; this may not be appropriate on all systems, and its  implica-
       tions should be considered before enabling TFTP service.  Typically, some kind of firewall
       or packet-filter solution should be employed.  If appropriately compiled (see  the  output
       of  in.tftpd -V) tftpd will query the hosts_access(5) database for access control informa-
       tion.  This may be slow; sites requiring maximum performance may want to  compile  without
       this option and rely on firewalling or kernel-based packet filters instead.

       The server should be set to run as the user with the lowest possible privilege; please see
       the -u flag.  It is probably a good idea to set up a  specific  user  account  for  tftpd,
       rather  than letting it run as "nobody", to guard against privilege leaks between applica-
       tions.

       Access to files can, and should, be restricted by invoking tftpd with a list  of  directo-
       ries by including pathnames as server program arguments on the command line.  In this case
       access is restricted to files whose names are prefixed by one of  the  given  directories.
       If  possible,  it is recommended that the -s flag is used to set up a chroot() environment
       for the server to run in once a connection has been set up.

       Finally, the filename remapping (-m flag) support can be used to provide a limited  amount
       of additional access control.
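
A pre-deployment check for the points made in this section, as an added example that is not part of the original man page or of tftp-hpa. The finding codes, the tftpd account name and the sample paths are made up for illustration; the option letters are the ones listed under OPTIONS.

```shell
#!/bin/sh
# Added example: review an in.tftpd argument string and a TFTP directory
# against the SECURITY section. Finding codes are invented for this sketch.

# audit_tftpd_args "<options and directories as passed to in.tftpd>"
# Prints one finding per line; prints nothing when no check fires.
audit_tftpd_args() {
    chroot=0 create=0 noperm=0 umask_set=0 user=nobody
    set -f; set -- $1; set +f           # split the string without globbing
    OPTIND=1
    # Option letters, and which of them take a value, per the OPTIONS section.
    while getopts "la:csu:U:pt:T:m:vr:V" opt 2>/dev/null; do
        case $opt in
            s) chroot=1 ;;
            c) create=1 ;;
            p) noperm=1 ;;
            U) umask_set=1 ;;
            u) user=$OPTARG ;;
        esac
    done
    shift $((OPTIND - 1))               # what is left is the directory list
    [ "$chroot" -eq 1 ] || echo "no-chroot: -s not given, no chroot() is set up"
    if [ "$chroot" -eq 1 ] && [ $# -ne 1 ]; then
        echo "chroot-dirs: -s expects exactly one directory, got $#"
    fi
    [ $# -gt 0 ] || echo "no-dir-list: no directories given to restrict access"
    if [ "$create" -eq 1 ] && [ "$umask_set" -eq 0 ] && [ "$noperm" -eq 0 ]; then
        echo "world-rw-create: -c without -U or -p creates files anyone can read or write"
    fi
    [ "$noperm" -eq 0 ] || echo "no-extra-checks: -p leaves only the OS access controls of the -u user"
    [ "$user" != nobody ] || echo "shared-account: running as nobody, use a dedicated user"
    return 0
}

# list_public_writable DIR
# Existing files that are publicly writable (o+w), i.e. the ones the default
# checks would let any host that can reach the server overwrite.
list_public_writable() {
    find "$1" -type f -perm -0002 -print
}

# Constructed sample invocations: the first reports three findings, the second none.
audit_tftpd_args "-c /tftpboot"
audit_tftpd_args "-s -c -U 022 -u tftpd /srv/tftp"
```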

CONFORMING TO
       RFC 1123, Requirements for Internet Hosts - Application and Support.
       RFC 1350, The TFTP Protocol (revision 2).
       RFC 2347, TFTP Option Extension.
       RFC 2348, TFTP Blocksize Option.
       RFC 2349, TFTP Timeout Interval and Transfer Size Options.

AUTHOR
       This  version  of  tftpd  is maintained by H. Peter Anvin <hpa@zytor.com>.  It was derived
       from, but has substantially diverged from, an OpenBSD source base, with added  patches  by
       Markus Gutschke and Gero Kulhman.

SEE ALSO
       tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).

tftp-hpa 0.32				 23 October 2002				 TFTPD(8)

