NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXTENDED DESCRIPTION | ATTRIBUTES | SEE ALSO
The tftpd command is a server which supports the Internet Trivial File Transfer Protocol (RFC 783). The TFTP server operates at the port indicated in the tftp service description; see services(4CC). The server is normally started as an autonomous daemon under ChorusOS.
The use of tftp(1CC) does not require an account or password on the remote system. Due to the lack of authentication information, tftpd will allow only publicly readable files to be accessed. Files containing the string "/../ "or starting with "../" are not allowed. Files may be written only if they already exist and are publicly writable. Note that this extends the concept of ``public'' to include all users on all hosts that can be reached through the network; this may not be appropriate on all systems, and its implications should be considered before enabling tftp service. The server should have the user ID with the lowest possible privilege.
Access to files may be restricted by invoking tftpd with a list of directories by including up to 20 pathnames as server program arguments in /etc/inetd.conf. In this case access is restricted to files whose names are prefixed by the one of the given directories. The given directories are also treated as a search path for relative filename requests.
The chroot option provides additional security by restricting access of tftpd to only a chrooted file system. This is useful when moving from an OS that supported -s as a boot server. Because chroot is restricted to root, you must run tftpd as root. However, if you chroot, then tftpd will set its user ID to nobody.
The following options are supported:
Log all requests using sysLog(2K) with the LOG_FTP facility.
Logging of LOG_FTP messages will also need to be enabled in the syslog configuration file syslog.conf(4CC).
Suppress negative acknowledgement of requests for nonexistent relative filenames.
Cause tftpd to chroot to directory before accepting commands.
Under ChorusOS, tftpd runs as root; the user id is not set to nobody. You should not run tftpd unless you are using -s.
The chroot option provides additional security by restricting access of tftpd to only a chroot'd file system. This is useful when moving from an OS that supports -s as a boot server. Because chroot is restricted to root, you must run tftpd as root.
In order for tftpd to function properly, you must either use the -s option, or at least one directory name.
The use of tftp(1CC) does not require an account or password on the remote system. Due to the lack of authentication information, tftpd will allow only publicly readable files to be accessed. Files containing the string "/../" or starting with "../" are not allowed. Files may be written only if they already exist and are publicly writable. Note that this extends the concept of "public" to include all users on all hosts that can be reached through the network; this is not appropriate on all systems, and its implications should be considered before enabling tftp service. The server should have the user ID with the lowest possible privilege.
Access to files can be restricted by invoking tftpd with a list of directories by including up to 20 pathname arguments on the command line. In this case access is restricted to files whose names are prefixed by one of the given directories. The given directories are also treated as a search path for relative filename requests.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Interface Stability | Evolving |
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXTENDED DESCRIPTION | ATTRIBUTES | SEE ALSO