in.tftpd

TFTPD(8)		   System Manager’s Manual		     TFTPD(8)



NAME
       tftpd - IPv4 Trivial File Transfer Protocol server

SYNOPSIS
       in.tftpd [options...]  directory...

DESCRIPTION
       tftpd  is  a  server for the IPv4 Trivial File Transfer Protocol.  The
       TFTP protocol is extensively used to support remote booting  of	disk-
       less  devices.	The server is normally started by inetd, but can also
       run standalone.


OPTIONS
       -l     Run the server in standalone (listen)  mode,  rather  than  run
	      from  inetd.  In listen mode, the -t option is ignored, and the
	      -a option can be used to specify a specific  local  address  or
	      port to listen to.

       -a [address][:port]
	      Specify  a  specific  address and port to listen to when called
	      with the -l option.  The default is to listen to the tftp	 port
	      specified in /etc/services on all local addresses.

       -c     Allow  new  files	 to  be created.  By default, tftpd will only
	      allow upload of files that already exist.	  Files	 are  created
	      with default permissions allowing anyone to read or write them,
	      unless the -p or -U options are specified.

       -s     Change root directory on startup.	 This means the	 remote	 host
	      does not need to pass along the directory as part of the trans-
	      fer, and may add security.  When -s is specified,	 exactly  one
	      directory	 should be specified on the command line.  The use of
              this option is recommended for security as well as  compatibil-
              ity  with some boot ROMs which cannot be easily made to include
              a directory name in their requests.

       -u username
	      Specify the username which tftpd will run as;  the  default  is
	      "nobody".	 The user ID, group ID, and (if possible on the plat-
	      form) the supplementary group IDs will be set to the ones spec-
	      ified in the system permission database for this username.

       -U umask
	      Sets  the umask for newly created files to the specified value.
	      The default is zero (anyone can read or write) if the -p option
	      is  not specified, or inherited from the invoking process if -p
	      is specified.

       -p     Perform no additional permissions checks above the normal	 sys-
	      tem-provided  access controls for the user specified via the -u
	      option.

       -t timeout
	      When run from inetd this specifies how  long,  in	 seconds,  to
	      wait  for	 a  second  connection before terminating the server.
	      inetd will then respawn the server when another  request	comes
	      in.  The default is 900 (15 minutes.)

       -T timeout
	      Determine	 the  default  timeout,	 in  microseconds, before the
	      first packet is retransmitted.  This can	be  modified  by  the
	      client  if  the  timeout or utimeout option is negotiated.  The
	      default is 1000000 (1 second.)

       -m remap-file
	      Specify the use of filename remapping.   The  remap-file	is  a
	      file  containing the remapping rules.  See the section on file-
	      name remapping below.  This option may not be compiled in,  see
	      the output of in.tftpd -V to verify whether or not it is avail-
	      able.

       -v     Increase the logging verbosity of	 tftpd.	  This	flag  can  be
	      specified multiple times for even higher verbosity.

       -r tftp-option
	      Indicate	that  a specific RFC 2347 TFTP option should never be
	      accepted.

       -B max-block-size
	      Specifies the maximum  permitted	block  size.   The  permitted
	      range  for  this parameter is from 512 to 65464.	Some embedded
	      clients request large block sizes and yet do not	handle	frag-
	      mented  packets correctly; for these clients, it is recommended
	      to set this value to the smallest MTU on your network minus  32
	      bytes  (20 bytes for IP, 8 for UDP, and 4 for TFTP; less if you
	      use IP options on your network.)	For example,  on  a  standard
	      Ethernet (MTU 1500) a value of 1468 is reasonable.

       -V     Print  the version number and configuration to standard output,
	      then exit gracefully.

RFC 2347 OPTION NEGOTIATION
       This version of tftpd supports RFC 2347 option negotiation.  Currently
       implemented options are:

       blksize (RFC 2348)
	      Set  the	transfer block size to anything less than or equal to
	      the specified option.  This version of tftpd  can	 support  any
	      block size up to the theoretical maximum of 65464 bytes.

       blksize2 (nonstandard)
	      Set  the	transfer block size to anything less than or equal to
	      the specified option, but restrict the  possible	responses  to
	      powers  of 2.  The maximum is 32768 bytes (the largest power of
	      2 less than or equal to 65464.)

       tsize (RFC 2349)
	      Report the size of the file that is about	 to  be	 transferred.
	      This version of tftpd only supports the tsize option for binary
	      (octet) mode transfers.

       timeout (RFC 2349)
	      Set the time before the server retransmits a  packet,  in	 sec-
	      onds.

       utimeout (nonstandard)
	      Set  the	time  before  the  server  retransmits	a  packet, in
	      microseconds.

       The -r option can be used to disable specific  options;	this  may  be
       necessary to work around bugs in specific TFTP client implementations.
       For example, some TFTP clients have been found to request the  blksize
       option,	but  crash  with  an  error  if	 they actually get the option
       accepted by the server.

FILENAME REMAPPING
       The -m option specifies	a  file	 which	contains  filename  remapping
       rules.	Each  non-comment  line	 (comments  begin with hash marks, #)
       contains an operation, specified below; a regex, a regular  expression
       in  the	style  of  egrep;  and optionally a replacement pattern.  The
       operation is performed if the regex matches all or  part  of  the  file-
       name.  Rules are processed from the top down, and by default, all rules
       are processed even if there is a match.

       The operation can be any combination of the following letters:

       r      Replace the substring matched by regex by the replacement	 pat-
	      tern.   The  replacement	pattern may contain escape sequences;
	      see below.

       g      Repeat this rule until it no longer matches.   This  is  always
	      used with r.

       i      Match the regex case-insensitively.  By default it is case sen-
	      sitive.

       e      If this rule matches, end rule processing after  executing  the
	      rule.

       s      If  this rule matches, start rule processing over from the very
	      first rule after executing this rule.

       a      If this rule matches, refuse the request	and  send  an  access
	      denied error to the client.

       G      This rule applies to GET (RRQ) requests only.

       P      This rule applies to PUT (WRQ) requests only.

       ~      Invert the sense of this rule, i.e. execute the operation  only
              if the regex doesn't match.  Cannot be used together with r.

       The following escape sequences are recognized as part of the  replace-
       ment pattern:

       \0     The entire string matched by the regex.

       \1 to \9
	      The  strings  matched  by	 each of the first nine parenthesized
	      subexpressions, \( ... \), of the regex pattern.

       \i     The IP address of the requesting host, in dotted-quad  notation
	      (e.g. 192.0.2.169).

       \x     The  IP address of the requesting host, in hexadecimal notation
	      (e.g. C00002A9).

       \\     Literal backslash.

       \whitespace
	      Literal whitespace.

       \#     Literal hash mark.

       \U     Turns all subsequent letters to upper case.

       \L     Turns all subsequent letters to lower case.

       \E     Cancels the effect of \U or \L.

       If the mapping file is changed, you need to send SIGHUP	to  any	 out-
       standing tftpd process.
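
       To see how these operations and escape sequences interact, here is a
       small rule engine in Python, added as an example and not tftp-hpa's own
       implementation.  It uses a constructed rule file, Python's re module in
       place of egrep syntax, and leaves out the s (restart) operation.

```python
import re
# Constructed rule file (not from tftp-hpa); Python re stands in for egrep regexes.
REMAP_FILE = r"""
a     \.\.                                          # refuse ".." anywhere
rg    ^/                                            # strip leading slashes (g: repeat)
~Gia  ^(boot|pxelinux\.cfg)/                        # GET outside these trees is refused
rie   ^pxelinux\.cfg/(.*)$   pxelinux.cfg/\x/\L\1   # per-client config, then stop (e)
rP    ^                      incoming/              # PUT (WRQ) lands in incoming/
"""

def parse_rules(text):
    """One rule per line: ops regex [replacement]; an unescaped '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        parts = re.split(r"(?<!\\)#", line, maxsplit=1)[0].strip().split(None, 2)
        if parts:
            flags = re.I if "i" in parts[0] else 0
            rules.append((parts[0], re.compile(parts[1], flags), parts[2] if len(parts) > 2 else ""))
    return rules

def expand(repl, m, ip):
    out, case = [], ""                             # case is "", "U" or "L"
    for esc, lit in re.findall(r"\\(.)|(.)", repl):
        if esc in ("U", "L", "E"):                 # case-conversion switches
            case = "" if esc == "E" else esc
            continue
        if esc.isdigit(): piece = m.group(int(esc)) or ""                        # \0, \1..\9
        elif esc == "i": piece = ip                                               # dotted quad
        elif esc == "x": piece = "".join("%02X" % int(o) for o in ip.split("."))  # hex
        else: piece = esc or lit                                                  # \\ \# \<ws>, or literal
        out.append(piece.upper() if case == "U" else piece.lower() if case == "L" else piece)
    return "".join(out)

def remap(rules, filename, mode, ip):
    """Apply rules top-down; return the new name, or None when a rule refuses (a)."""
    name = filename
    for ops, rx, repl in rules:
        m = rx.search(name)
        if (("G" in ops and mode != "RRQ") or ("P" in ops and mode != "WRQ")
                or (m is None) != ("~" in ops)):   # wrong request type, or no (~-adjusted) match
            continue
        if "a" in ops:
            return None
        while "r" in ops and m:                    # g: repeat while it still changes
            new = name[:m.start()] + expand(repl, m, ip) + name[m.end():]
            m = rx.search(new) if "g" in ops and new != name else None
            name = new
        if "e" in ops:
            break
    return name
```

       Calling remap(parse_rules(REMAP_FILE), "//PXELINUX.CFG/Default", "RRQ",
       "192.0.2.169") yields pxelinux.cfg/C00002A9/default, while a GET for
       ../etc/passwd or for a file outside boot/ is refused.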

SECURITY
       The  use	 of  TFTP services does not require an account or password on
       the server system.  Due to the  lack  of	 authentication	 information,
       tftpd  will  allow  only publicly readable files (o+r) to be accessed,
       unless the -p option is specified.  Files may be written only if	 they
       already exist and are publicly writable, unless the -c option is spec-
       ified.  Note that this extends the concept of  "public"  to  include
       all  users  on all hosts that can be reached through the network; this
       may not be appropriate on all systems, and its implications should  be
       considered  before  enabling  TFTP  service.   Typically, some kind of
       firewall or packet-filter solution should be employed.	If  appropri-
       ately  compiled	(see  the output of in.tftpd -V) tftpd will query the
       hosts_access(5) database for access control information.	 This may  be
       slow;  sites requiring maximum performance may want to compile without
       this option and rely on firewalling  or	kernel-based  packet  filters
       instead.

       The  server  should be set to run as the user with the lowest possible
       privilege; please see the -u flag.  It is probably a good idea to  set
       up  a  specific	user account for tftpd, rather than letting it run as
       "nobody", to guard against privilege leaks between applications.

       Access to files can, and should, be restricted by invoking tftpd	 with
       a  list	of directories by including pathnames as server program argu-
       ments on the command line.  In this case access is restricted to files
       whose  names  are prefixed by one of the given directories.  If possi-
       ble, it is recommended that the -s flag is used to set up  a  chroot()
       environment  for	 the  server to run in once a connection has been set
       up.

       Finally, the filename remapping (-m flag) support can be used to	 pro-
       vide a limited amount of additional access control.

CONFORMING TO
       RFC 1123, Requirements for Internet Hosts - Application and Support.
       RFC 1350, The TFTP Protocol (revision 2).
       RFC 2347, TFTP Option Extension.
       RFC 2348, TFTP Blocksize Option.
       RFC 2349, TFTP Timeout Interval and Transfer Size Options.

AUTHOR
       This version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>.
       It was derived from, but has substantially diverged from,  an  OpenBSD
       source base, with added patches by Markus Gutschke and Gero Kulhman.

SEE ALSO
       tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).



tftp-hpa 0.39		       3 September 2004			     TFTPD(8)