in.tftpd man page on Mageia

Man page or keyword search:  
man Server   17783 pages
apropos Keyword Search (all sections)
Output format
Mageia logo
[printable version]

TFTPD(8)		    System Manager's Manual		      TFTPD(8)

NAME
       tftpd - Trivial File Transfer Protocol server

SYNOPSIS
       in.tftpd [options...]  directory...

DESCRIPTION
       tftpd  is  a  server  for the Trivial File Transfer Protocol.  The TFTP
       protocol is extensively used to	support	 remote	 booting  of  diskless
       devices.	  The  server  is  normally started by inetd, but can also run
       standalone.

OPTIONS
       --ipv4, -4
	      Connect with IPv4 only, even if IPv6 support was compiled in.

       --ipv6, -6
	      Connect with IPv6 only, if compiled in.

       -l, --listen
	      Run the server in standalone (listen) mode, rather than run from
	      inetd.  In listen mode, the --timeout option is ignored, and the
	      --address option can be used to specify a specific local address
	      or port to listen to.

       --foreground, -L
	      Similar  to  --listen  but  do  not  detach  from the foreground
	      process.	Implies --listen.

       --address [address][:port], -a [address][:port]
	      Specify a specific address and port to  listen  to  when	called
	      with  the	 --listen  or  --foreground option.  The default is to
	      listen to the tftp port specified in /etc/services on all	 local
	      addresses.

	      Please  note:  Numeric  IPv6 adresses must be enclosed in square
	      brackets to avoid ambiguity with the optional port information.

       --create, -c
	      Allow new files to be created.   By  default,  tftpd  will  only
	      allow  upload  of	 files	that already exist.  Files are created
	      with default permissions allowing anyone to read or write	 them,
	      unless the --permissive or --umask options are specified.

       --secure, -s
	      Change  root  directory  on startup.  This means the remote host
	      does not need to pass along the directory as part of the	trans‐
	      fer,  and may add security.  When --secure is specified, exactly
	      one directory should be specified on the command line.  The  use
	      of  this	option is recommended for security as well as compati‐
	      bility with some boot  ROMs  which  cannot  be  easily  made  to
	      include a directory name in its request.

       --user username, -u username
	      Specify  the  username  which  tftpd will run as; the default is
	      "nobody".	 The user ID, group ID, and (if possible on the	 plat‐
	      form) the supplementary group IDs will be set to the ones speci‐
	      fied in the system permission database for this username.

       --umask umask, -U umask
	      Sets the umask for newly created files to the  specified	value.
	      The  default is zero (anyone can read or write) if the --permis‐
	      sive option is not specified, or	inherited  from	 the  invoking
	      process if --permissive is specified.

       --permissive, -p
	      Perform  no  additional permissions checks above the normal sys‐
	      tem-provided access controls for	the  user  specified  via  the
	      --user option.

       --pidfile pidfile, -P pidfile
	      When run in standalone mode, write the process ID of the listen‐
	      ing server into pidfile.	On normal termination (SIGTERM or SIG‐
	      INT) the pid file is automatically removed.

       --timeout timeout, -t timeout
	      When run from inetd this specifies how long, in seconds, to wait
	      for a second connection before terminating  the  server.	 inetd
	      will then respawn the server when another request comes in.  The
	      default is 900 (15 minutes.)

       --retransmit timeout, -T timeout
	      Determine the default timeout, in microseconds, before the first
	      packet  is retransmitted.	 This can be modified by the client if
	      the timeout or utimeout option is negotiated.   The  default  is
	      1000000 (1 second.)

       --mapfile remap-file, -m remap-file
	      Specify the use of filename remapping.  The remap-file is a file
	      containing the remapping rules.  See  the	 section  on  filename
	      remapping	 below.	  This	option may not be compiled in, see the
	      output of in.tftpd -V to verify whether or not it is available.

       --verbose, -v
	      Increase the logging verbosity of tftpd.	This flag can be spec‐
	      ified multiple times for even higher verbosity.

       --verbosity value
	      Set the verbosity value to value.

       --refuse tftp-option, -r tftp-option
	      Indicate	that  a	 specific RFC 2347 TFTP option should never be
	      accepted.

       --blocksize max-block-size, -B max-block-size
	      Specifies the maximum permitted block size.  The permitted range
	      for  this parameter is from 512 to 65464.	 Some embedded clients
	      request large block sizes and yet do not handle fragmented pack‐
	      ets  correctly; for these clients, it is recommended to set this
	      value to the smallest MTU on your network	 minus	32  bytes  (20
	      bytes  for  IP,  8  for  UDP, and 4 for TFTP; less if you use IP
	      options on your network.)	 For example, on a  standard  Ethernet
	      (MTU 1500) a value of 1468 is reasonable.

       --port-range port:port, -R port:port
	      Force  the  server port number (the Transaction ID) to be in the
	      specified range of port numbers.

       --version, -V
	      Print the version number and configuration to  standard  output,
	      then exit gracefully.

RFC 2347 OPTION NEGOTIATION
       This  version  of tftpd supports RFC 2347 option negotation.  Currently
       implemented options are:

       blksize (RFC 2348)
	      Set the transfer block size to anything less than	 or  equal  to
	      the  specified  option.	This  version of tftpd can support any
	      block size up to the theoretical maximum of 65464 bytes.

       blksize2 (nonstandard)
	      Set the transfer block size to anything less than	 or  equal  to
	      the  specified  option,  but  restrict the possible responses to
	      powers of 2.  The maximum is 32768 bytes (the largest power of 2
	      less than or equal to 65464.)

       tsize (RFC 2349)
	      Report  the  size	 of  the file that is about to be transferred.
	      This version of tftpd only supports the tsize option for	binary
	      (octet) mode transfers.

       timeout (RFC 2349)
	      Set the time before the server retransmits a packet, in seconds.

       utimeout (nonstandard)
	      Set  the	time  before  the  server  retransmits	a  packet,  in
	      microseconds.

       rollover (nonstandard)
	      Set the block number to resume at after a block number rollover.
	      The default and recommended value is zero.

       The  --refuse  option can be used to disable specific options; this may
       be necessary to work around bugs in specific  TFTP  client  implementa‐
       tions.	For  example, some TFTP clients have been found to request the
       blksize option, but crash with an error if they actually get the option
       accepted by the server.

FILENAME REMAPPING
       The --mapfile option specifies a file which contains filename remapping
       rules.  Each non-comment line (comments begin with hash marks, #)  con‐
       tains  an  operation, specified below; a regex, a regular expression in
       the style of egrep; and optionally a replacement pattern.   The	opera‐
       tion  indicated	by  operation is performed if the regex matches all or
       part of the filename.  Rules are processed from the top	down,  and  by
       default, all rules are processed even if there is a match.

       The operation can be any combination of the following letters:

       r      Replace  the  substring matched by regex by the replacement pat‐
	      tern.  The replacement pattern may contain escape sequences; see
	      below.

       g      Repeat  this  rule  until	 it no longer matches.	This is always
	      used with r.

       i      Match the regex case-insensitively.  By default it is case  sen‐
	      sitive.

       e      If  this	rule  matches, end rule processing after executing the
	      rule.

       s      If this rule matches, start rule processing over from  the  very
	      first rule after executing this rule.

       a      If  this	rule  matches,	refuse	the request and send an access
	      denied error to the client.

       G      This rule applies to GET (RRQ) requests only.

       P      This rule applies to PUT (WRQ) requests only.

       ~      Inverse the sense of this rule, i.e. execute the operation  only
	      if the regex doesn't match.  Cannot used together with r.

       The  following  escape sequences are recognized as part of the replace‐
       ment pattern:

       \0     The entire string matched by the regex.

       \1 to \9
	      The strings matched by each of the first nine parenthesized sub‐
	      expressions, \( ... \), of the regex pattern.

       \i     The  IP  address of the requesting host, in dotted-quad notation
	      (e.g. 192.0.2.169).

       \x     The IP address of the requesting host, in	 hexadecimal  notation
	      (e.g. C00002A9).

       \\     Literal backslash.

       \whitespace
	      Literal whitespace.

       \#     Literal hash mark.

       \U     Turns all subsequent letters to upper case.

       \L     Turns all subsequent letters to lower case.

       \E     Cancels the effect of \U or \L.

       If  the	mapping	 file  is changed, you need to send SIGHUP to any out‐
       standing tftpd process.

SECURITY
       The use of TFTP services does not require an account or password on the
       server  system.	 Due  to the lack of authentication information, tftpd
       will allow only publicly readable files (o+r) to	 be  accessed,	unless
       the  --permissive  option  is  specified.  Files may be written only if
       they already exist and  are  publicly  writable,	 unless	 the  --create
       option  is specified.  Note that this extends the concept of ``public''
       to include all users on all hosts that can be reached through the  net‐
       work;  this may not be appropriate on all systems, and its implications
       should be considered before enabling  TFTP  service.   Typically,  some
       kind  of	 firewall  or  packet-filter  solution should be employed.  If
       appropriately compiled (see the output  of  in.tftpd  --version)	 tftpd
       will query the hosts_access(5) database for access control information.
       This may be slow; sites requiring maximum performance may want to  com‐
       pile without this option and rely on firewalling or kernel-based packet
       filters instead.

       The server should be set to run as the user with	 the  lowest  possible
       privilege;  please  see the --user flag.	 It is probably a good idea to
       set up a specific user account for tftpd, rather than letting it run as
       "nobody", to guard against privilege leaks between applications.

       Access to files can, and should, be restricted by invoking tftpd with a
       list of directories by including pathnames as server program  arguments
       on  the command line.  In this case access is restricted to files whole
       names are prefixed by one of the given directories.  If possible, it is
       recommended  that  the --secure flag is used to set up a chroot() envi‐
       ronment for the server to run in once a connection has been set up.

       Finally, the filename remapping (--mapfile flag) support can be used to
       provide a limited amount of additional access control.

CONFORMING TO
       RFC 1123, Requirements for Internet Hosts - Application and Support.
       RFC 1350, The TFTP Protocol (revision 2).
       RFC 2347, TFTP Option Extension.
       RFC 2348, TFTP Blocksize Option.
       RFC 2349, TFTP Timeout Interval and Transfer Size Options.

AUTHOR
       This  version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>.
       It was derived from, but has substantially diverged  from,  an  OpenBSD
       source base, with added patches by Markus Gutschke and Gero Kulhman.

SEE ALSO
       tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).

tftp-hpa 5.2		       14 September 2009		      TFTPD(8)
[top]

List of man pages available for Mageia

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net