jtl999

Untitled

Sep 20th, 2016
  1. TFTPD(8) System Manager's Manual TFTPD(8)
  2.  
  3.  
  4.  
  5. NAME
  6. tftpd - Trivial File Transfer Protocol server
  7.  
  8. SYNOPSIS
  9. in.tftpd [options...] directory...
  10.  
  11. DESCRIPTION
  12. tftpd is a server for the Trivial File Transfer Protocol. The TFTP protocol is extensively used to support remote
  13. booting of diskless devices. The server is normally started by inetd, but can also run standalone.
  14.  
  15. OPTIONS
  16. --ipv4, -4
  17. Connect with IPv4 only, even if IPv6 support was compiled in.
  18.  
  19. --ipv6, -6
  20. Connect with IPv6 only, if compiled in.
  21.  
  22. -l, --listen
  23. Run the server in standalone (listen) mode, rather than run from inetd. In listen mode, the --timeout option
  24. is ignored, and the --address option can be used to specify a specific local address or port to listen to.
  25.  
  26. --foreground, -L
  27. Similar to --listen but do not detach from the foreground process. Implies --listen.
  28.  
  29. --address [address][:port], -a [address][:port]
  30. Specify a specific address and port to listen to when called with the --listen or --foreground option. The
  31. default is to listen to the tftp port specified in /etc/services on all local addresses.
  32.  
  33. Please note: Numeric IPv6 addresses must be enclosed in square brackets to avoid ambiguity with the optional
  34. port information.
  35.  
  36. --create, -c
  37. Allow new files to be created. By default, tftpd will only allow upload of files that already exist. Files
  38. are created with default permissions allowing anyone to read or write them, unless the --permissive or
  39. --umask options are specified.
  40.  
  41. --secure, -s
  42. Change root directory on startup. This means the remote host does not need to pass along the directory as
  43. part of the transfer, and may add security. When --secure is specified, exactly one directory should be
  44. specified on the command line. The use of this option is recommended for security as well as compatibility
  45. with some boot ROMs which cannot be easily made to include a directory name in their requests.
  46.  
  47. --user username, -u username
  48. Specify the username which tftpd will run as; the default is "nobody". The user ID, group ID, and (if
  49. possible on the platform) the supplementary group IDs will be set to the ones specified in the system permission
  50. database for this username.
  51.  
  52. --umask umask, -U umask
  53. Sets the umask for newly created files to the specified value. The default is zero (anyone can read or
  54. write) if the --permissive option is not specified, or inherited from the invoking process if --permissive is
  55. specified.
  56.  
  57. --permissive, -p
  58. Perform no additional permissions checks above the normal system-provided access controls for the user
  59. specified via the --user option.
  60.  
  61. --pidfile pidfile, -P pidfile
  62. When run in standalone mode, write the process ID of the listening server into pidfile. On normal
  63. termination (SIGTERM or SIGINT) the pid file is automatically removed.
  64.  
  65. --timeout timeout, -t timeout
  66. When run from inetd this specifies how long, in seconds, to wait for a second connection before terminating
  67. the server. inetd will then respawn the server when another request comes in. The default is 900 (15
  68. minutes.)
  69.  
  70. --retransmit timeout, -T timeout
  71. Determine the default timeout, in microseconds, before the first packet is retransmitted. This can be
  72. modified by the client if the timeout or utimeout option is negotiated. The default is 1000000 (1 second.)
  73.  
  74. --map-file remap-file, -m remap-file
  75. Specify the use of filename remapping. The remap-file is a file containing the remapping rules. See the
  76. section on filename remapping below. This option may not be compiled in, see the output of in.tftpd -V to
  77. verify whether or not it is available.
  78.  
  79. --verbose, -v
  80. Increase the logging verbosity of tftpd. This flag can be specified multiple times for even higher
  81. verbosity.
  82.  
  83. --verbosity value
  84. Set the verbosity value to value.
  85.  
  86. --refuse tftp-option, -r tftp-option
  87. Indicate that a specific RFC 2347 TFTP option should never be accepted.
  88.  
  89. --blocksize max-block-size, -B max-block-size
  90. Specifies the maximum permitted block size. The permitted range for this parameter is from 512 to 65464.
  91. Some embedded clients request large block sizes and yet do not handle fragmented packets correctly; for these
  92. clients, it is recommended to set this value to the smallest MTU on your network minus 32 bytes (20 bytes for
  93. IP, 8 for UDP, and 4 for TFTP; less if you use IP options on your network.) For example, on a standard
  94. Ethernet (MTU 1500) a value of 1468 is reasonable.
  95.  
  96. --port-range port:port, -R port:port
  97. Force the server port number (the Transaction ID) to be in the specified range of port numbers.
  98.  
  99. --version, -V
  100. Print the version number and configuration to standard output, then exit gracefully.
  101.  
  102. RFC 2347 OPTION NEGOTIATION
  103. This version of tftpd supports RFC 2347 option negotiation. Currently implemented options are:
  104.  
  105. blksize (RFC 2348)
  106. Set the transfer block size to anything less than or equal to the specified option. This version of tftpd
  107. can support any block size up to the theoretical maximum of 65464 bytes.
  108.  
  109. blksize2 (nonstandard)
  110. Set the transfer block size to anything less than or equal to the specified option, but restrict the possible
  111. responses to powers of 2. The maximum is 32768 bytes (the largest power of 2 less than or equal to 65464.)
  112.  
  113. tsize (RFC 2349)
  114. Report the size of the file that is about to be transferred. This version of tftpd only supports the tsize
  115. option for binary (octet) mode transfers.
  116.  
  117. timeout (RFC 2349)
  118. Set the time before the server retransmits a packet, in seconds.
  119.  
  120. utimeout (nonstandard)
  121. Set the time before the server retransmits a packet, in microseconds.
  122.  
  123. rollover (nonstandard)
  124. Set the block number to resume at after a block number rollover. The default and recommended value is zero.
  125.  
  126. The --refuse option can be used to disable specific options; this may be necessary to work around bugs in specific
  127. TFTP client implementations. For example, some TFTP clients have been found to request the blksize option, but
  128. crash with an error if they actually get the option accepted by the server.
  129.  
  130. FILENAME REMAPPING
  131. The --map-file option specifies a file which contains filename remapping rules. Each non-comment line (comments
  132. begin with hash marks, #) contains an operation, specified below; a regex, a regular expression in the style of
  133. egrep; and optionally a replacement pattern. The operation indicated by operation is performed if the regex matches
  134. all or part of the filename. Rules are processed from the top down, and by default, all rules are processed even if
  135. there is a match.
  136.  
  137. The operation can be any combination of the following letters:
  138.  
  139. r Replace the substring matched by regex by the replacement pattern. The replacement pattern may contain
  140. escape sequences; see below.
  141.  
  142. g Repeat this rule until it no longer matches. This is always used with r.
  143.  
  144. i Match the regex case-insensitively. By default it is case sensitive.
  145.  
  146. e If this rule matches, end rule processing after executing the rule.
  147.  
  148. s If this rule matches, start rule processing over from the very first rule after executing this rule.
  149.  
  150. a If this rule matches, refuse the request and send an access denied error to the client.
  151.  
  152. G This rule applies to GET (RRQ) requests only.
  153.  
  154. P This rule applies to PUT (WRQ) requests only.
  155.  
  156. ~ Invert the sense of this rule, i.e. execute the operation only if the regex doesn't match. Cannot be used
  157. together with r.
  158.  
  159. The following escape sequences are recognized as part of the replacement pattern:
  160.  
  161. \0 The entire string matched by the regex.
  162.  
  163. \1 to \9
  164. The strings matched by each of the first nine parenthesized subexpressions, \( ... \), of the regex pattern.
  165.  
  166. \i The IP address of the requesting host, in dotted-quad notation (e.g. 192.0.2.169).
  167.  
  168. \x The IP address of the requesting host, in hexadecimal notation (e.g. C00002A9).
  169.  
  170. \\ Literal backslash.
  171.  
  172. \whitespace
  173. Literal whitespace.
  174.  
  175. \# Literal hash mark.
  176.  
  177. \U Turns all subsequent letters to upper case.
  178.  
  179. \L Turns all subsequent letters to lower case.
  180.  
  181. \E Cancels the effect of \U or \L.
  182.  
  183. If the mapping file is changed, you need to send SIGHUP to any outstanding tftpd process.
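The rule processing described in this section, as an added example that is not part of the man page or of tftp-hpa: a small Python model of the map-file engine covering the r, g, i, e, a, G, P and ~ operations and the \0 to \9, \i, \x and literal escapes. It assumes Python `re` syntax in place of egrep regexes, treats g as replace-all, assumes an IPv4 client, and leaves out s and \U, \L, \E; the sample rules and file names are constructed.

```python
import ipaddress
import re

# Constructed sample map file (an assumption, not taken from the man page).
SAMPLE_RULES = r"""
rg  \\                /
a   \.\.
aP~ ^uploads/
rie ^boot/default$    boot/\x.cfg
a~  ^(boot|uploads)/
"""

def parse_rules(text):
    """Return (ops, compiled regex, replacement) for each non-comment line."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        ops, pattern, *rest = line.split(None, 2)
        if set(ops) - set("rgieaGP~"):
            raise ValueError("operation not covered here: " + ops)
        flags = re.IGNORECASE if "i" in ops else 0
        rules.append((ops, re.compile(pattern, flags), rest[0] if rest else ""))
    return rules

def expand(repl, match, ip):
    """Expand digit, i, x and literal escapes in a replacement pattern."""
    fixed = {"i": ip, "x": "%08X" % int(ipaddress.IPv4Address(ip)),
             "\\": "\\", "#": "#", " ": " "}
    def one(m):
        c = m.group(1)
        if c in "0123456789":
            return (match.group(int(c)) or "") if int(c) <= match.re.groups else ""
        return fixed[c]  # KeyError for escapes not covered here (\U, \L, \E)
    return re.sub(r"\\(.)", one, repl)

def remap(rules, filename, ip, is_put=False):
    """Return the remapped filename, or None when a rule denies the request."""
    for ops, regex, repl in rules:
        skip = ("G" in ops and is_put) or ("P" in ops and not is_put)
        if skip or (regex.search(filename) is None) != ("~" in ops):
            continue  # wrong request type, or the rule did not fire
        if "a" in ops:
            return None
        if "r" in ops:
            filename = regex.sub(lambda m: expand(repl, m, ip), filename,
                                 count=0 if "g" in ops else 1)
        if "e" in ops:
            break
    return filename
```

With the sample rules, a GET for BOOT/Default from 192.0.2.169 resolves to boot/C00002A9.cfg, while etc/passwd, any name containing "..", and any upload outside uploads/ are refused.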
  184.  
  185. SECURITY
  186. The use of TFTP services does not require an account or password on the server system. Due to the lack of
  187. authentication information, tftpd will allow only publicly readable files (o+r) to be accessed, unless the --permissive
  188. option is specified. Files may be written only if they already exist and are publicly writable, unless the --create
  189. option is specified. Note that this extends the concept of "public" to include all users on all hosts that can be
  190. reached through the network; this may not be appropriate on all systems, and its implications should be considered
  191. before enabling TFTP service. Typically, some kind of firewall or packet-filter solution should be employed. If
  192. appropriately compiled (see the output of in.tftpd --version) tftpd will query the hosts_access(5) database for
  193. access control information. This may be slow; sites requiring maximum performance may want to compile without this
  194. option and rely on firewalling or kernel-based packet filters instead.
  195.  
  196. The server should be set to run as the user with the lowest possible privilege; please see the --user flag. It is
  197. probably a good idea to set up a specific user account for tftpd, rather than letting it run as "nobody", to guard
  198. against privilege leaks between applications.
  199.  
  200. Access to files can, and should, be restricted by invoking tftpd with a list of directories by including pathnames
  201. as server program arguments on the command line. In this case access is restricted to files whose names are
  202. prefixed by one of the given directories. If possible, it is recommended that the --secure flag is used to set up a
  203. chroot() environment for the server to run in once a connection has been set up.
  204.  
  205. Finally, the filename remapping (--map-file flag) support can be used to provide a limited amount of additional
  206. access control.
  207.  
  208. CONFORMING TO
  209. RFC 1123, Requirements for Internet Hosts - Application and Support.
  210. RFC 1350, The TFTP Protocol (revision 2).
  211. RFC 2347, TFTP Option Extension.
  212. RFC 2348, TFTP Blocksize Option.
  213. RFC 2349, TFTP Timeout Interval and Transfer Size Options.
  214.  
  215. AUTHOR
  216. This version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>. It was derived from, but has substantially
  217. diverged from, an OpenBSD source base, with added patches by Markus Gutschke and Gero Kulhman.
  218.  
  219. SEE ALSO
  220. tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).
  221.  
  222.  
  223.  
  224. tftp-hpa 5.2 14 September 2009 TFTPD(8)