1.\" Copyright (c) 1983, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93
| 1.\" Copyright (c) 1983, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93
|
33.\" $FreeBSD: head/libexec/tftpd/tftpd.8 129680 2004-05-24 22:56:15Z mdodd $
| 33.\" $FreeBSD: head/libexec/tftpd/tftpd.8 131754 2004-07-07 19:57:16Z ru $
|
34.\"
35.Dd September 14, 2000
36.Dt TFTPD 8
37.Os
38.Sh NAME
39.Nm tftpd
40.Nd Internet Trivial File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm /usr/libexec/tftpd
43.Op Fl cClnw
44.Op Fl s Ar directory
45.Op Fl u Ar user
46.Op Fl U Ar umask
47.Op Ar directory ...
48.Sh DESCRIPTION
49The
50.Nm
51utility is a server which supports the
52Internet Trivial File Transfer
53Protocol
54.Pq Tn RFC 1350 .
55The
56.Tn TFTP
57server operates
58at the port indicated in the
59.Ql tftp
60service description;
61see
62.Xr services 5 .
63The server is normally started by
64.Xr inetd 8 .
65.Pp
66The use of
67.Xr tftp 1
68does not require an account or password on the remote system.
69Due to the lack of authentication information,
70.Nm
71will allow only publicly readable files to be
72accessed.
73Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with
74``\|\fB.\|.\fP\|/'' are not allowed.
75Files may be written only if they already exist and are publicly writable.
76Note that this extends the concept of
77.Dq public
78to include
79all users on all hosts that can be reached through the network;
80this may not be appropriate on all systems, and its implications
81should be considered before enabling tftp service.
82The server should have the user ID with the lowest possible privilege.
83.Pp
84Access to files may be restricted by invoking
85.Nm
86with a list of directories by including up to 20 pathnames
87as server program arguments in
88.Pa /etc/inetd.conf .
89In this case access is restricted to files whose
90names are prefixed by the one of the given directories.
91The given directories are also treated as a search path for
92relative filename requests.
93.Pp
94The
95.Fl s
96option provides additional security by changing
97.Nm Ns No 's
98root directory, thereby prohibiting accesses outside of the specified
99.Ar directory .
100Because
101.Xr chroot 2
102requires super-user privileges,
103.Nm
104must be run as root.
105However, after performing the
106.Fn chroot ,
107.Nm
108will set its user id to that of the specified
109.Ar user ,
110or
111.Dq nobody
112if no
113.Fl u
114option is specified.
115.Pp
116The options are:
117.Bl -tag -width Ds
118.It Fl c
119Changes the default root directory of a connecting host via chroot based on the
120connecting IP address.
121This prevents multiple clients from writing to the same file at the same time.
122If the directory does not exist, the client connection is refused.
123The
124.Fl s
125option is required for
126.Fl c
127and the specified
128.Ar directory
129is used as a base.
130.It Fl C
131Operates the same as
132.Fl c
133except it falls back to
134.Fl s Ns No 's
135.Ar directory
136if a directory does not exist for the client's IP.
137.It Fl l
138Log all requests using
139.Xr syslog 3
140with the facility of
141.Dv LOG_FTP .
142Note: Logging of
143.Dv LOG_FTP
144messages
145must also be enabled in the syslog configuration file,
146.Xr syslog.conf 5 .
147.It Fl n
148Suppress negative acknowledgement of requests for nonexistent
149relative filenames.
150.It Fl s Ar directory
151Cause
152.Nm
153to change its root directory to
154.Pa directory .
155After changing roots but before accepting commands,
156.Nm
157will switch credentials to an unprivileged user.
158.It Fl u Ar user
159Switch credentials to
160.Ar user
161(default
162.Dq nobody )
163when the
164.Fl s
165option is used.
166The user must be specified by name, not a numeric UID.
167.It Fl U Ar umask
168Set the
169.Ar umask
| 34.\"
35.Dd September 14, 2000
36.Dt TFTPD 8
37.Os
38.Sh NAME
39.Nm tftpd
40.Nd Internet Trivial File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm /usr/libexec/tftpd
43.Op Fl cClnw
44.Op Fl s Ar directory
45.Op Fl u Ar user
46.Op Fl U Ar umask
47.Op Ar directory ...
48.Sh DESCRIPTION
49The
50.Nm
51utility is a server which supports the
52Internet Trivial File Transfer
53Protocol
54.Pq Tn RFC 1350 .
55The
56.Tn TFTP
57server operates
58at the port indicated in the
59.Ql tftp
60service description;
61see
62.Xr services 5 .
63The server is normally started by
64.Xr inetd 8 .
65.Pp
66The use of
67.Xr tftp 1
68does not require an account or password on the remote system.
69Due to the lack of authentication information,
70.Nm
71will allow only publicly readable files to be
72accessed.
73Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with
74``\|\fB.\|.\fP\|/'' are not allowed.
75Files may be written only if they already exist and are publicly writable.
76Note that this extends the concept of
77.Dq public
78to include
79all users on all hosts that can be reached through the network;
80this may not be appropriate on all systems, and its implications
81should be considered before enabling tftp service.
82The server should have the user ID with the lowest possible privilege.
83.Pp
84Access to files may be restricted by invoking
85.Nm
86with a list of directories by including up to 20 pathnames
87as server program arguments in
88.Pa /etc/inetd.conf .
89In this case access is restricted to files whose
90names are prefixed by the one of the given directories.
91The given directories are also treated as a search path for
92relative filename requests.
93.Pp
94The
95.Fl s
96option provides additional security by changing
97.Nm Ns No 's
98root directory, thereby prohibiting accesses outside of the specified
99.Ar directory .
100Because
101.Xr chroot 2
102requires super-user privileges,
103.Nm
104must be run as root.
105However, after performing the
106.Fn chroot ,
107.Nm
108will set its user id to that of the specified
109.Ar user ,
110or
111.Dq nobody
112if no
113.Fl u
114option is specified.
115.Pp
116The options are:
117.Bl -tag -width Ds
118.It Fl c
119Changes the default root directory of a connecting host via chroot based on the
120connecting IP address.
121This prevents multiple clients from writing to the same file at the same time.
122If the directory does not exist, the client connection is refused.
123The
124.Fl s
125option is required for
126.Fl c
127and the specified
128.Ar directory
129is used as a base.
130.It Fl C
131Operates the same as
132.Fl c
133except it falls back to
134.Fl s Ns No 's
135.Ar directory
136if a directory does not exist for the client's IP.
137.It Fl l
138Log all requests using
139.Xr syslog 3
140with the facility of
141.Dv LOG_FTP .
142Note: Logging of
143.Dv LOG_FTP
144messages
145must also be enabled in the syslog configuration file,
146.Xr syslog.conf 5 .
147.It Fl n
148Suppress negative acknowledgement of requests for nonexistent
149relative filenames.
150.It Fl s Ar directory
151Cause
152.Nm
153to change its root directory to
154.Pa directory .
155After changing roots but before accepting commands,
156.Nm
157will switch credentials to an unprivileged user.
158.It Fl u Ar user
159Switch credentials to
160.Ar user
161(default
162.Dq nobody )
163when the
164.Fl s
165option is used.
166The user must be specified by name, not a numeric UID.
167.It Fl U Ar umask
168Set the
169.Ar umask
|
170for newly created files. The default is 022 (S_IWGRP|S_IWOTH).
| 170for newly created files.
171The default is 022
172.Pq Dv S_IWGRP | S_IWOTH .
|
171.It Fl w
| 173.It Fl w
|
172Allow writes requests to create new files. By default
| 174Allow writes requests to create new files.
175By default
|
173.Nm
174requires that the file specified in a write request exist.
175.El
176.Sh SEE ALSO
177.Xr tftp 1 ,
178.Xr chroot 2 ,
179.Xr inetd 8 ,
180.Xr syslogd 8
181.Rs
182.%A K. R. Sollins
183.%T The TFTP Protocol (Revision 2)
184.%D July 1992
185.%O RFC 1350, STD 33
186.Re
187.Sh HISTORY
188The
189.Nm
190utility appeared in
191.Bx 4.2 ;
192the
193.Fl s
194option was introduced in
195.Fx 2.2 ,
196the
197.Fl u
198option was introduced in
199.Fx 4.2 ,
200and the
201.Fl c
202option was introduced in
203.Fx 4.3 .
204.Sh BUGS
205Files larger than 33488896 octets (65535 blocks) cannot be transferred
206without client and server supporting blocksize negotiation (RFC1783).
207.Pp
208Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
| 176.Nm
177requires that the file specified in a write request exist.
178.El
179.Sh SEE ALSO
180.Xr tftp 1 ,
181.Xr chroot 2 ,
182.Xr inetd 8 ,
183.Xr syslogd 8
184.Rs
185.%A K. R. Sollins
186.%T The TFTP Protocol (Revision 2)
187.%D July 1992
188.%O RFC 1350, STD 33
189.Re
190.Sh HISTORY
191The
192.Nm
193utility appeared in
194.Bx 4.2 ;
195the
196.Fl s
197option was introduced in
198.Fx 2.2 ,
199the
200.Fl u
201option was introduced in
202.Fx 4.2 ,
203and the
204.Fl c
205option was introduced in
206.Fx 4.3 .
207.Sh BUGS
208Files larger than 33488896 octets (65535 blocks) cannot be transferred
209without client and server supporting blocksize negotiation (RFC1783).
210.Pp
211Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
|