1TFTPD(8)                    System Manager's Manual                   TFTPD(8)
2
3
4

NAME

6       tftpd - Trivial File Transfer Protocol server
7

SYNOPSIS

9       in.tftpd [options...]  directory...
10

DESCRIPTION

12       tftpd  is  a  server  for the Trivial File Transfer Protocol.  The TFTP
13       protocol is extensively used to  support  remote  booting  of  diskless
14       devices.   The  server  is  normally started by inetd, but can also run
15       standalone.
16

OPTIONS

18       --ipv4, -4
19              Connect with IPv4 only, even if IPv6 support was compiled in.
20
21       --ipv6, -6
22              Connect with IPv6 only, if compiled in.
23
24       -l, --listen
25              Run the server in standalone (listen) mode, rather than run from
26              inetd.  In listen mode, the --timeout option is ignored, and the
27              --address option can be used to specify a specific local address
28              or port to listen to.
29
30       --foreground, -L
31              Similar  to  --listen  but  do  not  detach  from the foreground
32              process.  Implies --listen.
33
34       --address [address][:port], -a [address][:port]
35              Specify a specific address and port to  listen  to  when  called
36              with  the  --listen  or  --foreground option.  The default is to
37              listen to the tftp port specified in /etc/services on all  local
38              addresses.
39
40              Please  note:  Numeric  IPv6 adresses must be enclosed in square
41              brackets to avoid ambiguity with the optional port information.
42
43       --create, -c
44              Allow new files to be created.   By  default,  tftpd  will  only
45              allow  upload  of  files  that already exist.  Files are created
46              with default permissions allowing anyone to read or write  them,
47              unless the --permissive or --umask options are specified.
48
49       --secure, -s
50              Change  root  directory  on startup.  This means the remote host
51              does not need to pass along the directory as part of the  trans‐
52              fer,  and may add security.  When --secure is specified, exactly
53              one directory should be specified on the command line.  The  use
54              of  this  option is recommended for security as well as compati‐
55              bility with some boot  ROMs  which  cannot  be  easily  made  to
56              include a directory name in its request.
57
58       --user username, -u username
59              Specify  the  username  which  tftpd will run as; the default is
60              "nobody".  The user ID, group ID, and (if possible on the  plat‐
61              form) the supplementary group IDs will be set to the ones speci‐
62              fied in the system permission database for this username.
63
64       --umask umask, -U umask
65              Sets the umask for newly created files to the  specified  value.
66              The  default is zero (anyone can read or write) if the --permis‐
67              sive option is not specified, or  inherited  from  the  invoking
68              process if --permissive is specified.
69
70       --permissive, -p
71              Perform  no  additional permissions checks above the normal sys‐
72              tem-provided access controls for  the  user  specified  via  the
73              --user option.
74
75       --pidfile pidfile, -P pidfile
76              When run in standalone mode, write the process ID of the listen‐
77              ing server into pidfile.  On normal termination (SIGTERM or SIG‐
78              INT) the pid file is automatically removed.
79
80       --timeout timeout, -t timeout
81              When run from inetd this specifies how long, in seconds, to wait
82              for a second connection before terminating  the  server.   inetd
83              will then respawn the server when another request comes in.  The
84              default is 900 (15 minutes.)
85
86       --retransmit timeout, -T timeout
87              Determine the default timeout, in microseconds, before the first
88              packet  is retransmitted.  This can be modified by the client if
89              the timeout or utimeout option is negotiated.   The  default  is
90              1000000 (1 second.)
91
92       --map-file remap-file, -m remap-file
93              Specify the use of filename remapping.  The remap-file is a file
94              containing the remapping rules.  See  the  section  on  filename
95              remapping  below.   This  option may not be compiled in, see the
96              output of in.tftpd -V to verify whether or not it is available.
97
98       --verbose, -v
99              Increase the logging verbosity of tftpd.  This flag can be spec‐
100              ified multiple times for even higher verbosity.
101
102       --verbosity value
103              Set the verbosity value to value.
104
105       --refuse tftp-option, -r tftp-option
106              Indicate  that  a  specific RFC 2347 TFTP option should never be
107              accepted.
108
109       --blocksize max-block-size, -B max-block-size
110              Specifies the maximum permitted block size.  The permitted range
111              for  this parameter is from 512 to 65464.  Some embedded clients
112              request large block sizes and yet do not handle fragmented pack‐
113              ets  correctly; for these clients, it is recommended to set this
114              value to the smallest MTU on your network  minus  32  bytes  (20
115              bytes  for  IP,  8  for  UDP, and 4 for TFTP; less if you use IP
116              options on your network.)  For example, on a  standard  Ethernet
117              (MTU 1500) a value of 1468 is reasonable.
118
119       --port-range port:port, -R port:port
120              Force  the  server port number (the Transaction ID) to be in the
121              specified range of port numbers.
122
123       --version, -V
124              Print the version number and configuration to  standard  output,
125              then exit gracefully.
126

RFC 2347 OPTION NEGOTIATION

128       This  version  of tftpd supports RFC 2347 option negotation.  Currently
129       implemented options are:
130
131       blksize (RFC 2348)
132              Set the transfer block size to anything less than  or  equal  to
133              the  specified  option.   This  version of tftpd can support any
134              block size up to the theoretical maximum of 65464 bytes.
135
136       blksize2 (nonstandard)
137              Set the transfer block size to anything less than  or  equal  to
138              the  specified  option,  but  restrict the possible responses to
139              powers of 2.  The maximum is 32768 bytes (the largest power of 2
140              less than or equal to 65464.)
141
142       tsize (RFC 2349)
143              Report  the  size  of  the file that is about to be transferred.
144              This version of tftpd only supports the tsize option for  binary
145              (octet) mode transfers.
146
147       timeout (RFC 2349)
148              Set the time before the server retransmits a packet, in seconds.
149
150       utimeout (nonstandard)
151              Set  the  time  before  the  server  retransmits  a  packet,  in
152              microseconds.
153
154       rollover (nonstandard)
155              Set the block number to resume at after a block number rollover.
156              The default and recommended value is zero.
157
158       The  --refuse  option can be used to disable specific options; this may
159       be necessary to work around bugs in specific  TFTP  client  implementa‐
160       tions.   For  example, some TFTP clients have been found to request the
161       blksize option, but crash with an error if they actually get the option
162       accepted by the server.
163

FILENAME REMAPPING

165       The --mapfile option specifies a file which contains filename remapping
166       rules.  Each non-comment line (comments begin with hash marks, #)  con‐
167       tains  an  operation, specified below; a regex, a regular expression in
168       the style of egrep; and optionally a replacement pattern.   The  opera‐
169       tion  indicated  by  operation is performed if the regex matches all or
170       part of the filename.  Rules are processed from the top  down,  and  by
171       default, all rules are processed even if there is a match.
172
173       The operation can be any combination of the following letters:
174
175       r      Replace  the  substring matched by regex by the replacement pat‐
176              tern.  The replacement pattern may contain escape sequences; see
177              below.
178
179       g      Repeat  this  rule  until  it no longer matches.  This is always
180              used with r.
181
182       i      Match the regex case-insensitively.  By default it is case  sen‐
183              sitive.
184
185       e      If  this  rule  matches, end rule processing after executing the
186              rule.
187
188       s      If this rule matches, start rule processing over from  the  very
189              first rule after executing this rule.
190
191       a      If  this  rule  matches,  refuse  the request and send an access
192              denied error to the client.
193
194       G      This rule applies to GET (RRQ) requests only.
195
196       P      This rule applies to PUT (WRQ) requests only.
197
198       ~      Inverse the sense of this rule, i.e. execute the operation  only
199              if the regex doesn't match.  Cannot used together with r.
200
201       The  following  escape sequences are recognized as part of the replace‐
202       ment pattern:
203
204       \0     The entire string matched by the regex.
205
206       \1 to \9
207              The strings matched by each of the first nine parenthesized sub‐
208              expressions, \( ... \), of the regex pattern.
209
210       \i     The  IP  address of the requesting host, in dotted-quad notation
211              (e.g. 192.0.2.169).
212
213       \x     The IP address of the requesting host, in  hexadecimal  notation
214              (e.g. C00002A9).
215
216       \\     Literal backslash.
217
218       \whitespace
219              Literal whitespace.
220
221       \#     Literal hash mark.
222
223       \U     Turns all subsequent letters to upper case.
224
225       \L     Turns all subsequent letters to lower case.
226
227       \E     Cancels the effect of \U or \L.
228
229       If  the  mapping  file  is changed, you need to send SIGHUP to any out‐
230       standing tftpd process.
231

SECURITY

233       The use of TFTP services does not require an account or password on the
234       server  system.   Due  to the lack of authentication information, tftpd
235       will allow only publicly readable files (o+r) to  be  accessed,  unless
236       the  --permissive  option  is  specified.  Files may be written only if
237       they already exist and  are  publicly  writable,  unless  the  --create
238       option  is specified.  Note that this extends the concept of ``public''
239       to include all users on all hosts that can be reached through the  net‐
240       work;  this may not be appropriate on all systems, and its implications
241       should be considered before enabling  TFTP  service.   Typically,  some
242       kind  of  firewall  or  packet-filter  solution should be employed.  If
243       appropriately compiled (see the output  of  in.tftpd  --version)  tftpd
244       will query the hosts_access(5) database for access control information.
245       This may be slow; sites requiring maximum performance may want to  com‐
246       pile without this option and rely on firewalling or kernel-based packet
247       filters instead.
248
249       The server should be set to run as the user with  the  lowest  possible
250       privilege;  please  see the --user flag.  It is probably a good idea to
251       set up a specific user account for tftpd, rather than letting it run as
252       "nobody", to guard against privilege leaks between applications.
253
254       Access to files can, and should, be restricted by invoking tftpd with a
255       list of directories by including pathnames as server program  arguments
256       on  the command line.  In this case access is restricted to files whole
257       names are prefixed by one of the given directories.  If possible, it is
258       recommended  that  the --secure flag is used to set up a chroot() envi‐
259       ronment for the server to run in once a connection has been set up.
260
261       Finally, the filename remapping (--mapfile flag) support can be used to
262       provide a limited amount of additional access control.
263

CONFORMING TO

265       RFC 1123, Requirements for Internet Hosts - Application and Support.
266       RFC 1350, The TFTP Protocol (revision 2).
267       RFC 2347, TFTP Option Extension.
268       RFC 2348, TFTP Blocksize Option.
269       RFC 2349, TFTP Timeout Interval and Transfer Size Options.
270

AUTHOR

272       This  version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>.
273       It was derived from, but has substantially diverged  from,  an  OpenBSD
274       source base, with added patches by Markus Gutschke and Gero Kulhman.
275

SEE ALSO

277       tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).
278
279
280
281tftp-hpa 5.2                   14 September 2009                      TFTPD(8)
Impressum