Uniformly refer to RFCs as 'RFC xxxx' and not 'RFCxxxx' or 'RFC-xxxx'.
[dragonfly.git] / libexec / tftpd / tftpd.8
CommitLineData
984263bc
MD
1.\" Copyright (c) 1983, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93
33.\" $FreeBSD: src/libexec/tftpd/tftpd.8,v 1.6.2.6 2003/04/06 19:42:56 dwmalone Exp $
cabeba47 34.\" $DragonFly: src/libexec/tftpd/tftpd.8,v 1.3 2007/11/23 23:16:36 swildner Exp $
984263bc
MD
35.\"
36.Dd September 14, 2000
37.Dt TFTPD 8
38.Os
39.Sh NAME
40.Nm tftpd
41.Nd Internet Trivial File Transfer Protocol server
42.Sh SYNOPSIS
43.Nm /usr/libexec/tftpd
44.Op Fl cCln
45.Op Fl s Ar directory
46.Op Fl u Ar user
47.Op Ar directory ...
48.Sh DESCRIPTION
49The
50.Nm
51utility is a server which supports the
52Internet Trivial File Transfer
53Protocol
54.Pq Tn RFC 1350 .
55The
56.Tn TFTP
57server operates
58at the port indicated in the
59.Ql tftp
60service description;
61see
62.Xr services 5 .
63The server is normally started by
64.Xr inetd 8 .
65.Pp
66The use of
67.Xr tftp 1
68does not require an account or password on the remote system.
69Due to the lack of authentication information,
70.Nm
71will allow only publicly readable files to be
72accessed.
73Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with
74``\|\fB.\|.\fP\|/'' are not allowed.
75Files may be written only if they already exist and are publicly writable.
76Note that this extends the concept of
77.Dq public
78to include
79all users on all hosts that can be reached through the network;
80this may not be appropriate on all systems, and its implications
81should be considered before enabling tftp service.
82The server should have the user ID with the lowest possible privilege.
83.Pp
84Access to files may be restricted by invoking
85.Nm
86with a list of directories by including up to 20 pathnames
87as server program arguments in
88.Pa /etc/inetd.conf .
89In this case access is restricted to files whose
90names are prefixed by the one of the given directories.
91The given directories are also treated as a search path for
92relative filename requests.
93.Pp
94The
95.Fl s
96option provides additional security by changing
97.Nm Ns No 's
98root directory, thereby prohibiting accesses outside of the specified
99.Ar directory .
100Because
101.Xr chroot 2
102requires super-user privileges,
103.Nm
104must be run as root.
105However, after performing the
106.Fn chroot ,
107.Nm
108will set its user id to that of the specified
109.Ar user ,
110or
111.Dq nobody
112if no
113.Fl u
114option is specified.
115.Pp
116The options are:
117.Bl -tag -width Ds
118.It Fl c
119Changes the default root directory of a connecting host via chroot based on the
120connecting IP address.
121This prevents multiple clients from writing to the same file at the same time.
122If the directory does not exist, the client connection is refused.
123The
124.Fl s
125option is required for
126.Fl c
127and the specified
128.Ar directory
129is used as a base.
130.It Fl C
131Operates the same as
132.Fl c
133except it falls back to
134.Fl s Ns No 's
135.Ar directory
136if a directory does not exist for the client's IP.
137.It Fl l
138Log all requests using
139.Xr syslog 3
140with the facility of
141.Dv LOG_FTP .
142Note: Logging of
143.Dv LOG_FTP
144messages
145must also be enabled in the syslog configuration file,
146.Xr syslog.conf 5 .
147.It Fl n
148Suppress negative acknowledgement of requests for nonexistent
149relative filenames.
150.It Fl s Ar directory
151Cause
152.Nm
153to change its root directory to
154.Pa directory .
155After changing roots but before accepting commands,
156.Nm
157will switch credentials to an unprivileged user.
158.It Fl u Ar user
159Switch credentials to
160.Ar user
161(default
162.Dq nobody )
163when the
164.Fl s
165option is used.
166The user must be specified by name, not a numeric UID.
167.El
168.Sh SEE ALSO
169.Xr tftp 1 ,
170.Xr chroot 2 ,
171.Xr inetd 8 ,
172.Xr syslogd 8
173.Rs
174.%A K. R. Sollins
175.%T The TFTP Protocol (Revision 2)
176.%D July 1992
177.%O RFC 1350, STD 33
178.Re
179.Sh HISTORY
180The
181.Nm
182utility appeared in
183.Bx 4.2 ;
184the
185.Fl s
186option was introduced in
187.Fx 2.2 ,
188the
189.Fl u
190option was introduced in
191.Fx 4.2 ,
192and the
193.Fl c
194option was introduced in
195.Fx 4.3 .
196.Sh BUGS
197Files larger than 33488896 octets (65535 blocks) cannot be transferred
cabeba47 198without client and server supporting blocksize negotiation (RFC 1783).
984263bc
MD
199.Pp
200Many tftp clients will not transfer files over 16744448 octets (32767 blocks).