tftpd(1M)
NAME
tftpd − trivial file transfer protocol server
SYNOPSIS
/etc/tftpd [-R seconds] [-T seconds] [path ...]
DESCRIPTION
tftpd is a server that supports the DARPA Trivial File Transfer Protocol (RFC783). The TFTP server operates at the port indicated in the tftp service description (see services(4)). The server is normally started by inetd using the /etc/inetd.conf file (see inetd(1M) and inetd.conf(4)).
The -R option specifies the per-packet retransmission timeout, in seconds. The -T option specifies the total retransmission timeout, in seconds. The default values are 5 and 25 seconds, respectively.
If no path is specified on the command line, tftpd requires an entry in the /etc/passwd database (see passwd(4)) for an account (pseudo-user) named tftp. The password field should be *, the group membership should be guest, and the login shell should be /bin/false. For example:
tftp:*:510:guest:tftp server:/usr/tftpdir:/bin/false
tftpd uses a call to chroot() to change its root directory to be the same as the home directory of the pseudo-user tftp. This restricts access by tftp clients to only those files found below the tftp home directory (see chroot(2)). Furthermore, tftp clients can only read files in that directory if they are readable by the user tftp, and tftp clients can only write files in that directory if they exist and are writable by the user tftp.
If any path is specified on the command line, tftpd does not use the tftp user’s home directory as its root directory, and does not require that a pseudo-user named tftp exist in /etc/passwd. The specified paths control access to files by tftp clients. Each path is treated as being relative to / (not the tftp home directory), and can be either a directory or a file. tftpd disallows a client access to any file that does not match entirely or in its initial components one of the restriction paths. It also disallows access to any file path containing “..”. However, an accessed file can be a symbolic link that points outside the set of restricted paths.
If any path is specified on the command line and the tftp home directory is defined and not /, tftpd first looks for a file relative to (under) the home directory. If the file is not found there, then tftpd looks for the file relative to / with path restrictions applied. Thus if two files with the same name can be found in both locations, tftpd accesses the one under tftp’s home directory.
Note that inetd allows continuation of command lines in inetd.conf by ending continued lines with a backslash.
Defining the tftp pseudo-user is strongly recommended even when paths are specified, because client access is further restricted to files that can be read and/or written by this user. It is safe to set the tftp user’s home directory to / in this case.
DIAGNOSTICS
The following diagnostics are logged to the syslogd daemon facility at the error log level (see syslogd(1M)).
No security mechanism exists
The user tftp was not found in the password database (/etc/passwd), and tftpd was invoked without any path arguments.
Next step: Add or correct the entry for the user tftp in the password database /etc/passwd. Or, add an access list (path arguments) to the tftpd arguments in the inetd configuration file /etc/inetd.conf, and then restart inetd with the command inetd -c.
Unknown option option ignored
An invalid option was specified in the tftpd arguments in the inetd configuration file /etc/inetd.conf.
Next step: Remove or correct the option and reconfigure inetd with the command inetd -c.
Invalid total timeout timeout
The value given for the -T option was either not a number or was a negative number.
Next step: Correct the value given for the -T option and reconfigure inetd with the command inetd -c.
Invalid retransmission timeout timeout
The value given for the -R option was either not a number or was a negative number.
Next step: Correct the value given for the -R option and reconfigure inetd with the command inetd -c.
system call:...
The named system call failed; see the corresponding manual entry for a description of the system call. The reason for the failure is explained in the error message appended to the system call name.
WARNINGS
When invoked with no path arguments, tftpd cannot follow symbolic links that refer to paths outside of the home directory of the pseudo-user tftp, because it performs a chroot().
AUTHOR
tftpd was developed by the University of California, Berkeley, and Hewlett-Packard.
SEE ALSO
tftp(1), inetd(1M), syslogd(1M), chroot(2), passwd(4).
Hewlett-Packard Company — HP-UX Release 9.03: April 1994