TFTPD(8)                    System Manager's Manual                   TFTPD(8)

NAME

       tftpd - IPv4 Trivial File Transfer Protocol server

SYNOPSIS

       in.tftpd [options...] directory...

DESCRIPTION

       tftpd is a server for the Trivial File Transfer Protocol.  The TFTP
       protocol is extensively used to support remote booting of diskless
       devices.  The server is normally started by inetd, but can also run
       standalone.

OPTIONS

       --ipv4, -4
              Connect with IPv4 only, even if IPv6 support was compiled in.

       --ipv6, -6
              Connect with IPv6 only, if compiled in.

       -l, --listen
              Run the server in standalone (listen) mode, rather than run from
              inetd.  In listen mode, the --timeout option is ignored, and the
              --address option can be used to specify a specific local address
              or port to listen to.

       --foreground, -L
              Similar to --listen but do not detach from the foreground
              process.  Implies --listen.

       --address [address][:port], -a [address][:port]
              Specify a specific address and port to listen to when called
              with the --listen or --foreground option.  The default is to
              listen to the tftp port specified in /etc/services on all local
              addresses.

              Please note: Numeric IPv6 addresses must be enclosed in square
              brackets to avoid ambiguity with the optional port information.

       --create, -c
              Allow new files to be created.  By default, tftpd will only
              allow upload of files that already exist.  Files are created
              with default permissions allowing anyone to read or write them,
              unless the --permissive or --umask options are specified.

       --secure, -s
              Change root directory on startup.  This means the remote host
              does not need to pass along the directory as part of the
              transfer, and may add security.  When --secure is specified,
              exactly one directory should be specified on the command line.
              The use of this option is recommended for security as well as
              compatibility with some boot ROMs which cannot be easily made
              to include a directory name in their requests.

       --user username, -u username
              Specify the username which tftpd will run as; the default is
              "nobody".  The user ID, group ID, and (if possible on the
              platform) the supplementary group IDs will be set to the ones
              specified in the system permission database for this username.

       --umask umask, -U umask
              Sets the umask for newly created files to the specified value.
              The default is zero (anyone can read or write) if the
              --permissive option is not specified, or inherited from the
              invoking process if --permissive is specified.

       --permissive, -p
              Perform no additional permissions checks above the normal
              system-provided access controls for the user specified via the
              --user option.

       --timeout timeout, -t timeout
              When run from inetd this specifies how long, in seconds, to wait
              for a second connection before terminating the server.  inetd
              will then respawn the server when another request comes in.  The
              default is 900 (15 minutes.)

       --retransmit timeout, -T timeout
              Determine the default timeout, in microseconds, before the first
              packet is retransmitted.  This can be modified by the client if
              the timeout or utimeout option is negotiated.  The default is
              1000000 (1 second.)

       --mapfile remap-file, -m remap-file
              Specify the use of filename remapping.  The remap-file is a file
              containing the remapping rules.  See the section on filename
              remapping below.  This option may not be compiled in, see the
              output of in.tftpd -V to verify whether or not it is available.

       --verbose, -v
              Increase the logging verbosity of tftpd.  This flag can be
              specified multiple times for even higher verbosity.

       --verbosity value
              Set the verbosity value to value.

       --refuse tftp-option, -r tftp-option
              Indicate that a specific RFC 2347 TFTP option should never be
              accepted.

       --blocksize max-block-size, -B max-block-size
              Specifies the maximum permitted block size.  The permitted range
              for this parameter is from 512 to 65464.  Some embedded clients
              request large block sizes and yet do not handle fragmented
              packets correctly; for these clients, it is recommended to set
              this value to the smallest MTU on your network minus 32 bytes
              (20 bytes for IP, 8 for UDP, and 4 for TFTP; less if you use IP
              options on your network.)  For example, on a standard Ethernet
              (MTU 1500) a value of 1468 is reasonable.

       --port-range port:port, -R port:port
              Force the server port number (the Transaction ID) to be in the
              specified range of port numbers.

       --version, -V
              Print the version number and configuration to standard output,
              then exit gracefully.

RFC 2347 OPTION NEGOTIATION

       This version of tftpd supports RFC 2347 option negotiation.  Currently
       implemented options are:

       blksize (RFC 2348)
              Set the transfer block size to anything less than or equal to
              the specified option.  This version of tftpd can support any
              block size up to the theoretical maximum of 65464 bytes.

       blksize2 (nonstandard)
              Set the transfer block size to anything less than or equal to
              the specified option, but restrict the possible responses to
              powers of 2.  The maximum is 32768 bytes (the largest power of 2
              less than or equal to 65464.)

       tsize (RFC 2349)
              Report the size of the file that is about to be transferred.
              This version of tftpd only supports the tsize option for binary
              (octet) mode transfers.

       timeout (RFC 2349)
              Set the time before the server retransmits a packet, in seconds.

       utimeout (nonstandard)
              Set the time before the server retransmits a packet, in
              microseconds.

       The --refuse option can be used to disable specific options; this may
       be necessary to work around bugs in specific TFTP client
       implementations.  For example, some TFTP clients have been found to
       request the blksize option, but crash with an error if they actually
       get the option accepted by the server.

FILENAME REMAPPING

       The --mapfile option specifies a file which contains filename remapping
       rules.  Each non-comment line (comments begin with hash marks, #)
       contains an operation, specified below; a regex, a regular expression
       in the style of egrep; and optionally a replacement pattern.  The
       operation indicated by operation is performed if the regex matches all
       or part of the filename.  Rules are processed from the top down, and by
       default, all rules are processed even if there is a match.

       The operation can be any combination of the following letters:

       r      Replace the substring matched by regex by the replacement
              pattern.  The replacement pattern may contain escape sequences;
              see below.

       g      Repeat this rule until it no longer matches.  This is always
              used with r.

       i      Match the regex case-insensitively.  By default it is case
              sensitive.

       e      If this rule matches, end rule processing after executing the
              rule.

       s      If this rule matches, start rule processing over from the very
              first rule after executing this rule.

       a      If this rule matches, refuse the request and send an access
              denied error to the client.

       G      This rule applies to GET (RRQ) requests only.

       P      This rule applies to PUT (WRQ) requests only.

       ~      Invert the sense of this rule, i.e. execute the operation only
              if the regex doesn't match.  Cannot be used together with r.

       The following escape sequences are recognized as part of the
       replacement pattern:

       \0     The entire string matched by the regex.

       \1 to \9
              The strings matched by each of the first nine parenthesized
              subexpressions, \( ... \), of the regex pattern.

       \i     The IP address of the requesting host, in dotted-quad notation
              (e.g. 192.0.2.169).

       \x     The IP address of the requesting host, in hexadecimal notation
              (e.g. C00002A9).

       \\     Literal backslash.

       \whitespace
              Literal whitespace.

       \#     Literal hash mark.

       \U     Turns all subsequent letters to upper case.

       \L     Turns all subsequent letters to lower case.

       \E     Cancels the effect of \U or \L.

       If the mapping file is changed, you need to send SIGHUP to any
       outstanding tftpd process.
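
       A small model of the rule processing described in this section, for
       checking a remap file against sample requests before deploying it.
       This is an added example, not tftpd's own code: it uses Python's re
       module in place of egrep-style regexes, handles only whole-line
       comments, does not model \U, \L and \E, and its repetition and restart
       limits are assumptions; the sample rules and the names parse_rules,
       expand and remap are constructed for illustration.

```python
import re

SAMPLE = r"""# constructed sample rules, not taken from the man page
rg   \\          /
a    \.\.
P~a  ^uploads/
r    ^config$    hosts/\x.cfg
"""

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        f = line.split(None, 2)  # operation, regex, optional replacement
        if len(f) >= 2 and not f[0].startswith("#"):
            flags = re.IGNORECASE if "i" in f[0] else 0
            rules.append((f[0], re.compile(f[1], flags), f[2].rstrip() if len(f) > 2 else ""))
    return rules

def expand(repl, m, client_ip):
    hexip = "".join("%02X" % int(p) for p in client_ip.split("."))
    named = {"i": client_ip, "x": hexip}  # \i dotted quad, \x hexadecimal
    def esc(e):
        c = e.group(1)
        if c.isdigit():  # \0 is the whole match, \1 to \9 the subexpressions
            return (m.group(int(c)) or "") if int(c) <= m.re.groups else ""
        return named.get(c, c)  # other escapes literal; \U \L \E not modelled
    return re.sub(r"\\(.)", esc, repl)

def remap(rules, filename, client_ip, is_put=False, restarts=10):
    """Return the remapped name, or None if the request would be refused."""
    for ops, rx, repl in rules:
        if ("G" in ops and is_put) or ("P" in ops and not is_put):
            continue
        matched = False
        for _ in range(100):  # bound on "g" repetition (assumed limit)
            m = rx.search(filename)
            if (m is not None) == ("~" in ops):
                break  # rule does not apply; "~" inverts the sense
            matched = True
            if "a" in ops:
                return None
            if "r" in ops and m:
                filename = filename[:m.start()] + expand(repl, m, client_ip) + filename[m.end():]
            if "g" not in ops:
                break
        if matched and "e" in ops:
            break
        if matched and "s" in ops:  # start over from the first rule
            return remap(rules, filename, client_ip, is_put, restarts - 1) if restarts else None
    return filename
```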

SECURITY

       The use of TFTP services does not require an account or password on the
       server system.  Due to the lack of authentication information, tftpd
       will allow only publicly readable files (o+r) to be accessed, unless
       the --permissive option is specified.  Files may be written only if
       they already exist and are publicly writable, unless the --create
       option is specified.  Note that this extends the concept of "public"
       to include all users on all hosts that can be reached through the
       network; this may not be appropriate on all systems, and its
       implications should be considered before enabling TFTP service.
       Typically, some kind of firewall or packet-filter solution should be
       employed.  If appropriately compiled (see the output of in.tftpd
       --version) tftpd will query the hosts_access(5) database for access
       control information.  This may be slow; sites requiring maximum
       performance may want to compile without this option and rely on
       firewalling or kernel-based packet filters instead.

       The server should be set to run as the user with the lowest possible
       privilege; please see the --user flag.  It is probably a good idea to
       set up a specific user account for tftpd, rather than letting it run as
       "nobody", to guard against privilege leaks between applications.

       Access to files can, and should, be restricted by invoking tftpd with a
       list of directories by including pathnames as server program arguments
       on the command line.  In this case access is restricted to files whose
       names are prefixed by one of the given directories.  If possible, it is
       recommended that the --secure flag is used to set up a chroot()
       environment for the server to run in once a connection has been set up.

       Finally, the filename remapping (--mapfile flag) support can be used to
       provide a limited amount of additional access control.
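
       One way to check an in.tftpd command line (for example from an inetd
       or service definition) against the recommendations in this section.
       This is an added example, not part of tftp-hpa; the audit function, the
       wording of the findings and both sample command lines are constructed,
       and only the options documented on this page are recognised.

```python
import getopt
import shlex

# Option tables built from the OPTIONS section of this page.
SHORT = "46lLa:csu:U:pt:T:m:vr:B:R:V"
LONG = ["ipv4", "ipv6", "listen", "foreground", "address=", "create", "secure",
        "user=", "umask=", "permissive", "timeout=", "retransmit=", "mapfile=",
        "verbose", "verbosity=", "refuse=", "blocksize=", "port-range=", "version"]
ALIAS = {"-s": "--secure", "-c": "--create", "-p": "--permissive",
         "-u": "--user", "-U": "--umask"}

# Constructed sample command lines: a weak setup and a hardened one.
WEAK = "in.tftpd --listen --create --permissive /"
HARDENED = "in.tftpd --listen --secure --user tftpd --create --umask 022 /srv/tftp"

def audit(cmdline):
    """Return a list of findings for one in.tftpd command line."""
    argv = shlex.split(cmdline)[1:]          # drop the program name
    opts, dirs = getopt.gnu_getopt(argv, SHORT, LONG)
    seen = {ALIAS.get(name, name): value for name, value in opts}
    findings = []
    if "--secure" not in seen:
        findings.append("no --secure: the server is not chrooted")
    elif len(dirs) != 1:
        findings.append("--secure expects exactly one directory")
    if not dirs:
        findings.append("no directory list restricts file access")
    if "--permissive" in seen:
        findings.append("--permissive: the public read/write checks are skipped")
    if "--create" in seen and not {"--umask", "--permissive"} & seen.keys():
        findings.append("--create without --umask: new files are world-writable")
    if seen.get("--user", "nobody") == "nobody":
        findings.append("runs as nobody: use a dedicated account via --user")
    return findings
```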

CONFORMING TO

       RFC 1123, Requirements for Internet Hosts - Application and Support.
       RFC 1350, The TFTP Protocol (revision 2).
       RFC 2347, TFTP Option Extension.
       RFC 2348, TFTP Blocksize Option.
       RFC 2349, TFTP Timeout Interval and Transfer Size Options.

AUTHOR

       This version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>.
       It was derived from, but has substantially diverged from, an OpenBSD
       source base, with added patches by Markus Gutschke and Gero Kulhman.

SEE ALSO

       tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).

tftp-hpa 0.49                    30 July 2008                         TFTPD(8)