Commit | Line | Data |
---|---|---|
984263bc MD |
1 | .\" Copyright (c) 1983, 1991, 1993 |
2 | .\" The Regents of the University of California. All rights reserved. | |
3 | .\" | |
4 | .\" Redistribution and use in source and binary forms, with or without | |
5 | .\" modification, are permitted provided that the following conditions | |
6 | .\" are met: | |
7 | .\" 1. Redistributions of source code must retain the above copyright | |
8 | .\" notice, this list of conditions and the following disclaimer. | |
9 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer in the | |
11 | .\" documentation and/or other materials provided with the distribution. | |
12 | .\" 3. All advertising materials mentioning features or use of this software | |
13 | .\" must display the following acknowledgement: | |
14 | .\" This product includes software developed by the University of | |
15 | .\" California, Berkeley and its contributors. | |
16 | .\" 4. Neither the name of the University nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
19 | .\" | |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
31 | .\" | |
32 | .\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93 | |
33 | .\" $FreeBSD: src/libexec/tftpd/tftpd.8,v 1.6.2.6 2003/04/06 19:42:56 dwmalone Exp $ | |
cabeba47 | 34 | .\" $DragonFly: src/libexec/tftpd/tftpd.8,v 1.3 2007/11/23 23:16:36 swildner Exp $ |
984263bc MD |
35 | .\" |
36 | .Dd September 14, 2000 | |
37 | .Dt TFTPD 8 | |
38 | .Os | |
39 | .Sh NAME | |
40 | .Nm tftpd | |
41 | .Nd Internet Trivial File Transfer Protocol server | |
42 | .Sh SYNOPSIS | |
43 | .Nm /usr/libexec/tftpd | |
44 | .Op Fl cCln | |
45 | .Op Fl s Ar directory | |
46 | .Op Fl u Ar user | |
47 | .Op Ar directory ... | |
48 | .Sh DESCRIPTION | |
49 | The | |
50 | .Nm | |
51 | utility is a server which supports the | |
52 | Internet Trivial File Transfer | |
53 | Protocol | |
54 | .Pq Tn RFC 1350 . | |
55 | The | |
56 | .Tn TFTP | |
57 | server operates | |
58 | at the port indicated in the | |
59 | .Ql tftp | |
60 | service description; | |
61 | see | |
62 | .Xr services 5 . | |
63 | The server is normally started by | |
64 | .Xr inetd 8 . | |
65 | .Pp | |
66 | The use of | |
67 | .Xr tftp 1 | |
68 | does not require an account or password on the remote system. | |
69 | Due to the lack of authentication information, | |
70 | .Nm | |
71 | will allow only publicly readable files to be | |
72 | accessed. | |
73 | Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with | |
74 | ``\|\fB.\|.\fP\|/'' are not allowed. | |
75 | Files may be written only if they already exist and are publicly writable. | |
76 | Note that this extends the concept of | |
77 | .Dq public | |
78 | to include | |
79 | all users on all hosts that can be reached through the network; | |
80 | this may not be appropriate on all systems, and its implications | |
81 | should be considered before enabling tftp service. | |
82 | The server should have the user ID with the lowest possible privilege. | |
83 | .Pp | |
84 | Access to files may be restricted by invoking | |
85 | .Nm | |
86 | with a list of directories by including up to 20 pathnames | |
87 | as server program arguments in | |
88 | .Pa /etc/inetd.conf . | |
89 | In this case access is restricted to files whose | |
90 | names are prefixed by the one of the given directories. | |
91 | The given directories are also treated as a search path for | |
92 | relative filename requests. | |
93 | .Pp | |
94 | The | |
95 | .Fl s | |
96 | option provides additional security by changing | |
97 | .Nm Ns No 's | |
98 | root directory, thereby prohibiting accesses outside of the specified | |
99 | .Ar directory . | |
100 | Because | |
101 | .Xr chroot 2 | |
102 | requires super-user privileges, | |
103 | .Nm | |
104 | must be run as root. | |
105 | However, after performing the | |
106 | .Fn chroot , | |
107 | .Nm | |
108 | will set its user id to that of the specified | |
109 | .Ar user , | |
110 | or | |
111 | .Dq nobody | |
112 | if no | |
113 | .Fl u | |
114 | option is specified. | |
115 | .Pp | |
116 | The options are: | |
117 | .Bl -tag -width Ds | |
118 | .It Fl c | |
119 | Changes the default root directory of a connecting host via chroot based on the | |
120 | connecting IP address. | |
121 | This prevents multiple clients from writing to the same file at the same time. | |
122 | If the directory does not exist, the client connection is refused. | |
123 | The | |
124 | .Fl s | |
125 | option is required for | |
126 | .Fl c | |
127 | and the specified | |
128 | .Ar directory | |
129 | is used as a base. | |
130 | .It Fl C | |
131 | Operates the same as | |
132 | .Fl c | |
133 | except it falls back to | |
134 | .Fl s Ns No 's | |
135 | .Ar directory | |
136 | if a directory does not exist for the client's IP. | |
137 | .It Fl l | |
138 | Log all requests using | |
139 | .Xr syslog 3 | |
140 | with the facility of | |
141 | .Dv LOG_FTP . | |
142 | Note: Logging of | |
143 | .Dv LOG_FTP | |
144 | messages | |
145 | must also be enabled in the syslog configuration file, | |
146 | .Xr syslog.conf 5 . | |
147 | .It Fl n | |
148 | Suppress negative acknowledgement of requests for nonexistent | |
149 | relative filenames. | |
150 | .It Fl s Ar directory | |
151 | Cause | |
152 | .Nm | |
153 | to change its root directory to | |
154 | .Pa directory . | |
155 | After changing roots but before accepting commands, | |
156 | .Nm | |
157 | will switch credentials to an unprivileged user. | |
158 | .It Fl u Ar user | |
159 | Switch credentials to | |
160 | .Ar user | |
161 | (default | |
162 | .Dq nobody ) | |
163 | when the | |
164 | .Fl s | |
165 | option is used. | |
166 | The user must be specified by name, not a numeric UID. | |
167 | .El | |
168 | .Sh SEE ALSO | |
169 | .Xr tftp 1 , | |
170 | .Xr chroot 2 , | |
171 | .Xr inetd 8 , | |
172 | .Xr syslogd 8 | |
173 | .Rs | |
174 | .%A K. R. Sollins | |
175 | .%T The TFTP Protocol (Revision 2) | |
176 | .%D July 1992 | |
177 | .%O RFC 1350, STD 33 | |
178 | .Re | |
179 | .Sh HISTORY | |
180 | The | |
181 | .Nm | |
182 | utility appeared in | |
183 | .Bx 4.2 ; | |
184 | the | |
185 | .Fl s | |
186 | option was introduced in | |
187 | .Fx 2.2 , | |
188 | the | |
189 | .Fl u | |
190 | option was introduced in | |
191 | .Fx 4.2 , | |
192 | and the | |
193 | .Fl c | |
194 | option was introduced in | |
195 | .Fx 4.3 . | |
196 | .Sh BUGS | |
197 | Files larger than 33488896 octets (65535 blocks) cannot be transferred | |
cabeba47 | 198 | without client and server supporting blocksize negotiation (RFC 1783). |
984263bc MD |
199 | .Pp |
200 | Many tftp clients will not transfer files over 16744448 octets (32767 blocks). |