NAME
tftpd - Trivial File Transfer Protocol server

SYNOPSIS
in.tftpd [options...] directory...

DESCRIPTION
tftpd is a server for the Trivial File Transfer Protocol. The TFTP protocol is extensively used to support remote booting of diskless devices. The server is normally started by inetd, but can also run standalone.
OPTIONS
- --ipv4, -4
  Connect with IPv4 only, even if IPv6 support was compiled in.
- --ipv6, -6
  Connect with IPv6 only, if compiled in.
- -l, --listen
  Run the server in standalone (listen) mode, rather than run from inetd. In listen mode, the --timeout option is ignored, and the --address option can be used to specify a specific local address or port to listen to.
- --foreground, -L
  Similar to --listen but do not detach from the foreground process. Implies --listen.
- --address [address][:port], -a [address][:port]
  Specify a specific address and port to listen to when called with the --listen or --foreground option. The default is to listen to the tftp port specified in /etc/services on all local addresses. Please note: numeric IPv6 addresses must be enclosed in square brackets to avoid ambiguity with the optional port information.
- --create, -c
  Allow new files to be created. By default, tftpd will only allow upload of files that already exist. Files are created with default permissions allowing anyone to read or write them, unless the --permissive or --umask options are specified.
- --secure, -s
  Change root directory on startup. This means the remote host does not need to pass along the directory as part of the transfer, and may add security. When --secure is specified, exactly one directory should be specified on the command line. The use of this option is recommended for security as well as compatibility with some boot ROMs which cannot be easily made to include a directory name in their request.
- --user username, -u username
  Specify the username which tftpd will run as; the default is "nobody". The user ID, group ID, and (if possible on the platform) the supplementary group IDs will be set to the ones specified in the system permission database for this username.
- --umask umask, -U umask
  Sets the umask for newly created files to the specified value. The default is zero (anyone can read or write) if the --permissive option is not specified, or inherited from the invoking process if --permissive is specified.
- --permissive, -p
  Perform no additional permissions checks above the normal system-provided access controls for the user specified via the --user option.
- --pidfile pidfile, -P pidfile
  When run in standalone mode, write the process ID of the listening server into pidfile. On normal termination (SIGTERM or SIGINT) the pid file is automatically removed.
- --timeout timeout, -t timeout
  When run from inetd this specifies how long, in seconds, to wait for a second connection before terminating the server. inetd will then respawn the server when another request comes in. The default is 900 (15 minutes).
- --retransmit timeout, -T timeout
  Determine the default timeout, in microseconds, before the first packet is retransmitted. This can be modified by the client if the timeout or utimeout option is negotiated. The default is 1000000 (1 second).
- --map-file remap-file, -m remap-file
  Specify the use of filename remapping. The remap-file is a file containing the remapping rules. See the section on filename remapping below. This option may not be compiled in; see the output of in.tftpd -V to verify whether or not it is available.
- --verbose, -v
  Increase the logging verbosity of tftpd. This flag can be specified multiple times for even higher verbosity.
- --verbosity value
  Set the verbosity value to value.
- --refuse tftp-option, -r tftp-option
  Indicate that a specific RFC 2347 TFTP option should never be accepted.
- --blocksize max-block-size, -B max-block-size
  Specifies the maximum permitted block size. The permitted range for this parameter is from 512 to 65464. Some embedded clients request large block sizes and yet do not handle fragmented packets correctly; for these clients, it is recommended to set this value to the smallest MTU on your network minus 32 bytes (20 bytes for IP, 8 for UDP, and 4 for TFTP; less if you use IP options on your network). For example, on a standard Ethernet (MTU 1500) a value of 1468 is reasonable.
- --port-range port:port, -R port:port
  Force the server port number (the Transaction ID) to be in the specified range of port numbers.
- --version, -V
  Print the version number and configuration to standard output, then exit gracefully.
RFC 2347 OPTION NEGOTIATION
This version of tftpd supports RFC 2347 option negotiation. Currently implemented options are:
- blksize (RFC 2348)
  Set the transfer block size to anything less than or equal to the specified option. This version of tftpd can support any block size up to the theoretical maximum of 65464 bytes.
- blksize2 (nonstandard)
  Set the transfer block size to anything less than or equal to the specified option, but restrict the possible responses to powers of 2. The maximum is 32768 bytes (the largest power of 2 less than or equal to 65464).
- tsize (RFC 2349)
  Report the size of the file that is about to be transferred. This version of tftpd only supports the tsize option for binary (octet) mode transfers.
- timeout (RFC 2349)
  Set the time before the server retransmits a packet, in seconds.
- utimeout (nonstandard)
  Set the time before the server retransmits a packet, in microseconds.
- rollover (nonstandard)
  Set the block number to resume at after a block number rollover. The default and recommended value is zero.

The --refuse option can be used to disable specific options; this may be necessary to work around bugs in specific TFTP client implementations. For example, some TFTP clients have been found to request the blksize option, but crash with an error if they actually get the option accepted by the server.
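As an added example (not code from tftp-hpa, whose server is written in C), the following Python sketch parses a read request carrying RFC 2347 options and builds the OACK according to the per-option rules above, under an assumed policy equivalent to --blocksize 1468 and --refuse rollover; the sample request bytes are constructed here.

```python
import struct

# Server policy for this example, mirroring the flags the page describes (values assumed).
MAX_BLKSIZE = 1468          # --blocksize 1468: MTU 1500 minus 32 bytes of IP/UDP/TFTP headers
REFUSED = {"rollover"}      # --refuse rollover

# Constructed sample RRQ (opcode 1) for pxelinux.0 in octet mode with three options.
SAMPLE_RRQ = (b"\x00\x01" + b"pxelinux.0\x00" + b"octet\x00" + b"blksize\x00" + b"4096\x00"
              + b"tsize\x00" + b"0\x00" + b"rollover\x00" + b"0\x00")

def parse_request(pkt):
    """Parse an RRQ/WRQ (RFC 1350 + RFC 2347): (opcode, filename, mode, {option: value})."""
    opcode = struct.unpack("!H", pkt[:2])[0]
    fields = pkt[2:].split(b"\x00")[:-1]           # drop the empty piece after the final NUL
    filename, mode, rest = fields[0].decode(), fields[1].decode().lower(), fields[2:]
    opts = {rest[i].decode().lower(): rest[i + 1].decode() for i in range(0, len(rest) - 1, 2)}
    return opcode, filename, mode, opts

def negotiate(opts, mode, file_size):
    """Return the options to acknowledge, applying the rule the page gives for each."""
    ack = {}
    for name, value in opts.items():
        if name in REFUSED:
            continue                               # --refuse: never accept this option
        if name == "blksize":                      # anything <= the request, capped by --blocksize
            ack[name] = str(min(int(value), MAX_BLKSIZE))
        elif name == "blksize2":                   # same, but a power of 2 and at most 32768
            limit, size = min(int(value), MAX_BLKSIZE, 32768), 1
            while size * 2 <= limit:
                size *= 2
            ack[name] = str(size)
        elif name == "tsize" and mode == "octet":  # only reported for binary transfers
            ack[name] = str(file_size)
        elif name in ("timeout", "utimeout", "rollover"):
            ack[name] = value                      # accepted as requested
    return ack

def build_oack(ack):
    """Encode an OACK (opcode 6): opcode followed by NUL-terminated name/value pairs."""
    return struct.pack("!H", 6) + b"".join(k.encode() + b"\x00" + v.encode() + b"\x00"
                                             for k, v in ack.items())

def respond(pkt, file_size):
    """Server-side path for a request: parse it and produce the OACK bytes."""
    _, _, mode, opts = parse_request(pkt)
    return build_oack(negotiate(opts, mode, file_size))
```

With the sample request the blksize of 4096 is clamped to 1468, tsize is reported because the mode is octet, and rollover is dropped entirely because it is refused.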
FILENAME REMAPPING
The --map-file option specifies a file which contains filename remapping rules. Each non-comment line (comments begin with hash marks, #) contains an operation, specified below; a regex, a regular expression in the style of egrep; and optionally a replacement pattern. The operation indicated by operation is performed if the regex matches all or part of the filename. Rules are processed from the top down, and by default, all rules are processed even if there is a match.

The operation can be any combination of the following letters:
- r
  Replace the substring matched by regex by the replacement pattern. The replacement pattern may contain escape sequences; see below.
- g
  Repeat this rule until it no longer matches. This is always used with r.
- i
  Match the regex case-insensitively. By default it is case sensitive.
- e
  If this rule matches, end rule processing after executing the rule.
- s
  If this rule matches, start rule processing over from the very first rule after executing this rule.
- a
  If this rule matches, refuse the request and send an access denied error to the client.
- G
  This rule applies to GET (RRQ) requests only.
- P
  This rule applies to PUT (WRQ) requests only.
- ~
  Invert the sense of this rule, i.e. execute the operation only if the regex doesn't match. Cannot be used together with r.

The following escape sequences are recognized as part of the replacement pattern:
- \0
  The entire string matched by the regex.
- \1 to \9
  The strings matched by each of the first nine parenthesized subexpressions, \( ... \), of the regex pattern.
- \i
  The IP address of the requesting host, in dotted-quad notation (e.g. 192.0.2.169).
- \x
  The IP address of the requesting host, in hexadecimal notation (e.g. C00002A9).
- \\
  Literal backslash.
- \whitespace
  Literal whitespace.
- \#
  Literal hash mark.
- \U
  Turns all subsequent letters to upper case.
- \L
  Turns all subsequent letters to lower case.
- \E
  Cancels the effect of \U or \L.

If the mapping file is changed, you need to send SIGHUP to any outstanding tftpd process.
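An added example (not code from tftp-hpa, whose remapping engine is written in C): a Python model of the rule semantics described above, with Python's re module standing in for egrep syntax and a constructed rule file that refuses ".." names, normalizes backslashes, and serves GETs of boot/ from a per-client directory named by the hex client address. The iteration bound on g is this example's own guard, and \i assumes the address is passed in dotted-quad form.

```python
import re

# Constructed sample remap file (not from the page); fields: operation, regex, replacement.
# Rules: refuse '..'; backslash -> slash (repeated); GETs of boot/ come from a per-client
# directory named by the hex client IP; stop once under /tftpboot; else lower-case the name.
SAMPLE_MAP = r"""
a    \.\.
rg   \\          /
rGi  ^boot/      /tftpboot/\x/
e    ^/tftpboot/
r    ^(.*)$      \L\1
"""

def load_rules(text):
    """Parse non-comment lines into (operation, compiled regex, replacement) tuples."""
    fields = [(l.split(None, 2) + [""])[:3] for l in map(str.strip, text.splitlines())
              if l and not l.startswith("#")]
    return [(op, re.compile(rx, re.IGNORECASE if "i" in op else 0), rp) for op, rx, rp in fields]

def expand(repl, m, ip):
    """Expand replacement escapes: \\0-\\9, \\i, \\x, \\U, \\L, \\E and \\<literal>."""
    out, mode, i = [], None, 0
    put = lambda s: out.append(s.upper() if mode == "U" else s.lower() if mode == "L" else s)
    while i < len(repl):
        c, i = repl[i], i + 1
        if c != "\\" or i >= len(repl):
            put(c); continue                # ordinary character (or a trailing lone backslash)
        c, i = repl[i], i + 1
        if c.isdigit(): put((m.group(int(c)) or "") if int(c) <= m.re.groups else "")
        elif c == "i": put(ip)              # dotted-quad client address (assumed already dotted)
        elif c == "x": put("".join("%02X" % int(o) for o in ip.split(".")))
        elif c in "ULE": mode = None if c == "E" else c
        else: put(c)                        # \\, \#, \<whitespace>: the literal character
    return "".join(out)

def remap(rules, filename, ip, is_put):
    """Apply rules top down; return the mapped name, or None for access denied."""
    i = 0
    while i < len(rules):
        op, rx, repl = rules[i]; i += 1
        if ("G" in op and is_put) or ("P" in op and not is_put): continue
        m = rx.search(filename)
        if bool(m) == ("~" in op): continue  # '~' inverts the sense of the match
        if "a" in op: return None           # refuse: the client gets an access-denied error
        for _ in range(1000 if "g" in op else 1):   # 'g' repeats; the bound is this example's guard
            if "r" not in op or not m: break
            filename = filename[:m.start()] + expand(repl, m, ip) + filename[m.end():]
            m = rx.search(filename)
        if "e" in op: break
        if "s" in op: i = 0
    return filename
```

A GET of Boot\PXELINUX.0 from 192.0.2.169 becomes /tftpboot/C00002A9/PXELINUX.0 and stops at the e rule, while any name containing ".." is refused before any rewriting happens.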
SECURITY
The use of TFTP services does not require an account or password on the server system. Due to the lack of authentication information, tftpd will allow only publicly readable files (o+r) to be accessed, unless the --permissive option is specified. Files may be written only if they already exist and are publicly writable, unless the --create option is specified. Note that this extends the concept of "public" to include all users on all hosts that can be reached through the network; this may not be appropriate on all systems, and its implications should be considered before enabling TFTP service. Typically, some kind of firewall or packet-filter solution should be employed. If appropriately compiled (see the output of in.tftpd --version) tftpd will query the hosts_access(5) database for access control information. This may be slow; sites requiring maximum performance may want to compile without this option and rely on firewalling or kernel-based packet filters instead.

The server should be set to run as the user with the lowest possible privilege; please see the --user flag. It is probably a good idea to set up a specific user account for tftpd, rather than letting it run as "nobody", to guard against privilege leaks between applications.

Access to files can, and should, be restricted by invoking tftpd with a list of directories by including pathnames as server program arguments on the command line. In this case access is restricted to files whose names are prefixed by one of the given directories. If possible, it is recommended that the --secure flag is used to set up a chroot() environment for the server to run in once a connection has been set up.

Finally, the filename remapping (--map-file flag) support can be used to provide a limited amount of additional access control.
CONFORMING TO
RFC 1123, Requirements for Internet Hosts - Application and Support.
RFC 1350, The TFTP Protocol (revision 2).
RFC 2347, TFTP Option Extension.
RFC 2348, TFTP Blocksize Option.
RFC 2349, TFTP Timeout Interval and Transfer Size Options.
AUTHOR
This version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>. It was derived from, but has substantially diverged from, an OpenBSD source base, with added patches by Markus Gutschke and Gero Kulhman.

SEE ALSO
tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).