atftpd - Trivial File Transfer Protocol Server.
atftpd [options] directory
atftpd is a TFTP (RFC1350) server. By default it is started by inetd on
most sytems, but may run as a stand alone daemon. This server is
multi-threaded and supports all options described in RFC2347 (option
extension), RFC2348 (blksize), RFC2349 (tsize and timeout) and RFC2090
(multicast option). It also supports mtftp as defined in the PXE
This program supports both the usual GNU command line syntax, with long options
starting with two dashes ('-') as well as short options. A description of the
options is included below.
- -t, --tftpd-timeout <value>
- Number of seconds of inactivity before the server exits. This value has
meaning only when the server is started by inetd. In daemon mode, the
server never exits. Default is 300 seconds.
- -r, --retry-timeout <value>
- How many seconds to wait for a reply before retransmitting a packet.
Default is 5 seconds. This can be overridden by the TFTP client with the
- -m, --maxthread <value>
- Maximum number of concurrent threads allowed. Default is 100.
- -v, --verbose[=value]
- Increase or set the logging level. No arguments will increase by one the
current value. Default is LOG_NOTICE, see syslog(3) for log level. Valid
value range from 0 (LOG_EMERG) to 7 (LOG_DEBUG).
- When verbose level is set to 7, this will output debug information for
each packet sent or received from the network.
- disable 'timeout' from RFC2349. This will prevent the server from
acknowledging the 'timeout' option requested by the client.
- disable 'tsize' from RFC2349. This will prevent the server from
acknowledging the 'tsize' option requested by the client.
- disable 'blksize' from RFC2348. This will prevent the server from
acknowledging the 'blksize' request by the client.
- disable 'multicast' from RFC2090. This will prevent the server from
acknowledging the 'multicast' request by the client.
- --logfile <logfile>
- Log to a specific file instead of only syslog. 'nobody' (or any user used
to run the server) must have permissions on the given file. Assuming the
file is /var/log/atftpd.log, simply run: "touch
/var/log/atftpd.log" and then "chown nobody.nogroup
/var/log/atftpd.log". When the server is run in daemon mode,
/dev/stdout or /dev/stderr can be used. Specifying a single dash as the
filename will send logs to stdout (file descriptor 1).
- Write the PID of the server to the specified file. This may be useful when
automatically starting and stopping one or more instance of the server.
- Run as a daemon. Do not use this option if atftpd is started by inetd.
- When --daemon is specified, this option will prevent the server from
forking to background. It is useful for debugging purpose or specialized
- --user <user[.group]>
- By default, the server change identity to the user nobody and group
nogroup. Specify an alternate user.group with this option.
- --group <group>
- Alternate way of specifying the group. If group is specified with --user
and --group, the last option will be used.
- --port <number>
- Specify the port on which atftpd listens. Useful when --daemon is
specified. Default is standard tftp port as determined by
- --bind-address <IP address>
- Specify the IP address which atftpd binds to. Useful when --daemon is
specified. Default is to bind to all interfaces. Only one address can be
specified, the server can only listen to one or all interfaces.
- Specify the TTL to be used for multicast datagram. By default a value of 1
is used. Note that TTL has a special meaning in multicast as it is used to
determine the scope of the packets. The value of 1 means the packets don't
leave the local network, see ip(4). Scope may also be determine by the
address as described RFC2365.
- Specify the IP address range to be used for multicast transfer. Format
string may comprise range and list of values:
"220.127.116.11-31,128-132,200". Default value is
"18.104.22.168-255". This address range is proposed in RFC2365 for
- Specify the UDP port to use for multicast transfer. Format string may
contain range and list of port number: "1758-2000,8000-9000".
default value is "1758".
- --pcre <file>
- Specify a pattern/replacement file to use. This allow to replace requested
file name based on Perl Compatible Regular Expression. See README.PCRE.
- --pcre-test <file>
- Test a pattern/replacement file. When using this option, the server will
not start as usual but just read file name from stdin and printout the
- --mtftp <file>
- This will start a mtftp server thread for each valid entry in the supplied
file. See PXE specification for detail about mtftp. An example file is
provided in the source distribution.
- --mtftp-port <port>
- Port the mtftp server shall listen to for incomming request.
- In some specific cases of networks using load balancer or other equipment
performing NAT (network address translation), some needs to disable source
port checking because port number as been translated. If you want to use
this feature, you must know why you need it and the implication. Be aware
that this option violate the RFC1350. This option has effect only for
- This option allow the server to proceed with the next multicast client as
soon as the current client timeout. When the current master client fails
to send an acknowledge (ACK) to the server, the server will send an option
acknowledge (OACK) to the master client with the field MC (master client)
set to false and send an OACK to the next multicast client with MC set to
true. Without this option, the server will retry the current master client
up to 5 times and then mark it done, proceding with the next one.
- -V, --version
- Show version of program.
- -h, --help
- Show summary of options.
- This is the root directory used by the TFTP server. All requested files
from a TFTP client must reside in this directory. If not specified, the
directory defaults to /tftpboot. Since atftpd run as the nobody user, the
permission of the directory must be set properly to allow file reading and
Starting with release 0.2, the server collects some statistics. Currently the
server compute system load, time between connections and some thread
statistics like number of file sent, received, number of abort... To see those
stats in the logs, you need to set --verbose=6 (LOG_NOTICE) or higher.
TFTP by itself has no provision for security. There is no user authentication
and TFTP clients get access to all files within the specified root directory
for which the server has permission.
Some level of security can be gained using atftp libwrap support.
Adding proper entry to /etc/hosts.allow and /etc/hosts.deny will restrict
access to trusted hosts. Daemon name to use in these files is in.tftpd.
The atftpd server provides a way to dynamically replace requested file name by a
new one based on Perl compatible regular expression. Pairs of
pattern/replacement are read from the specified files. Upon reception of a
read request, the server will first try to open the file name requested. If it
fails, then it will search for a replacement based on the content of the
pattern file. If this still fails, then an error will be sent to the client.
This feature is available only for read request. It makes no sense doing this
substitution for client writing files to the server.
The mtftp name refer to multicasrt tftp as define by the PXE specification. See
pxespec.txt for the source of the specification. Note that this is not the
same as RFC2090. PXE compliant boot implements mtftp, not RFC2090.
inetd(8),hosts_access(5),libpcre(7), RFC1350, RFC2090,
RFC2347, RFC2348, RFC2349 and pxespec.pdf.
This manual page was written by Remi Lefebvre <firstname.lastname@example.org> and
Jean-Pierre Lefebvre <email@example.com>.