Next: , Previous: , Up: Top   [Contents][Index]

26 tftpd: TFTP server

tftpd is intended to be invoked via inetd at all times.


tftpd [options] [directory …]
-g group

Specify group membership of the process owner. This is used only along with the option -s, and replaces the group membership that comes from the process owner himself.


Enable logging.


Supress negative acknowledgement of requests for nonexistent relative filenames.

-s dir

Let the serving process change its root directory to dir before attending to any requests. This directory is not observable by any client, but improves server isolation, since servable contents must be located below this chrooted directory dir.

-u user

Specify the process owner for serving requests. Only relevant along with the option -s. The default name is ‘nobody’.

26.1 Directory prefixes

In addition to options, an invocation of tftpd can specify an optional list of directory prefixes. These are approved of according to two principles:

A request for a file is decided upon as a consequence of evaluating these criteria:

26.2 Use cases

The standard use case is an entry in /etc/inetd.conf like

tftp dgram udp4 wait root /usr/sbin/tftpd \
       tftpd /tftpboot /altboot

This would allow the TFTP client to use any of

get kernel
get /tftpboot/kernel
get kernel.alt
get /altboot/kernel.alt
get /etc/motd

given that /tftpboot/kernel and /altboot/kernel.alt exist. Observe that also /etc/motd is accessible, inspite there being no explicit mention of standard file locations.

A stronger mode of running a TFTP server is to use the ‘secure mode’, meaning that the serving process is running in a chrooted mode. Then a suitable configuration could be

tftp dgram udp4 wait root /usr/sbin/tftpd \
       tftpd --secure-dir=/srv/tftp-root  /tftpboot /altboot

Supposing the files kernel and kernel.alt to exist in the common directory /srv/tftp-root/altboot/, all the previously suggested client requests for a kernel would still be granted, but now any request for /etc/motd would be declined, and would get a reply ‘File not found’ back.

The chrooted setting is denying access outside of /srv/tftp-root, yet is not indicating this lock-in to the client, and is thus improving server isolation. Since neither of -u and -g were specified, the configuration reproduced above will in fact have the transmitting server process running with the default owner set to ‘nobody:nogroup’.

Next: , Previous: , Up: Top   [Contents][Index]