xref: /freebsd/libexec/tftpd/tftpd.8 (revision 10b9d77bf1ccf2f3affafa6261692cb92cf7e992)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"	@(#)tftpd.8	8.1 (Berkeley) 6/4/93
33.\" $FreeBSD$
34.\"
35.Dd September 14, 2000
36.Dt TFTPD 8
37.Os
38.Sh NAME
39.Nm tftpd
40.Nd Internet Trivial File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm tftpd
43.Op Fl cdClnow
44.Op Fl F Ar strftime-format
45.Op Fl s Ar directory
46.Op Fl u Ar user
47.Op Fl U Ar umask
48.Op Ar directory ...
49.Sh DESCRIPTION
50The
51.Nm
52utility is a server which supports the
53Internet Trivial File Transfer
54Protocol
55.Pq Tn RFC 1350 .
56The
57.Tn TFTP
58server operates
59at the port indicated in the
60.Ql tftp
61service description;
62see
63.Xr services 5 .
64The server is normally started by
65.Xr inetd 8 .
66.Pp
67The use of
68.Xr tftp 1
69does not require an account or password on the remote system.
70Due to the lack of authentication information,
71.Nm
72will allow only publicly readable files to be
73accessed.
74Files containing the string
75.Dq Li "/../"
76or starting with
77.Dq Li "../"
78are not allowed.
79Files may be written only if they already exist and are publicly writable.
80Note that this extends the concept of
81.Dq public
82to include
83all users on all hosts that can be reached through the network;
84this may not be appropriate on all systems, and its implications
85should be considered before enabling tftp service.
86The server should have the user ID with the lowest possible privilege.
87.Pp
88Access to files may be restricted by invoking
89.Nm
90with a list of directories by including up to 20 pathnames
91as server program arguments in
92.Xr inetd.conf 5 .
93In this case access is restricted to files whose
94names are prefixed by the one of the given directories.
95The given directories are also treated as a search path for
96relative filename requests.
97.Pp
98The
99.Fl s
100option provides additional security by changing
101the root directory of
102.Nm ,
103thereby prohibiting accesses to outside of the specified
104.Ar directory .
105Because
106.Xr chroot 2
107requires super-user privileges,
108.Nm
109must be run as
110.Li root .
111However, after performing the
112.Xr chroot 2
113call,
114.Nm
115will set its user ID to that of the specified
116.Ar user ,
117or
118.Dq Li nobody
119if no
120.Fl u
121option is specified.
122.Pp
123The options are:
124.Bl -tag -width Ds
125.It Fl c
126Changes the default root directory of a connecting host via
127.Xr chroot 2
128based on the connecting IP address.
129This prevents multiple clients from writing to the same file at the same time.
130If the directory does not exist, the client connection is refused.
131The
132.Fl s
133option is required for
134.Fl c
135and the specified
136.Ar directory
137is used as a base.
138.It Fl C
139Operates the same as
140.Fl c
141except it falls back to
142.Ar directory
143specified via
144.Fl s
145if a directory does not exist for the client's IP.
146.It Fl F
147Use this
148.Xr strftime 3
149compatible format string for the creation of the suffix if
150.Fl W
151is specified.
152By default the string "%Y%m%d" is used.
153.It Fl d
154Enables debug output.
155If specified twice, it will log DATA and ACK packets too.
156.It Fl l
157Log all requests using
158.Xr syslog 3
159with the facility of
160.Dv LOG_FTP .
161.Sy Note :
162Logging of
163.Dv LOG_FTP
164messages
165must also be enabled in the syslog configuration file,
166.Xr syslog.conf 5 .
167.It Fl n
168Suppress negative acknowledgement of requests for nonexistent
169relative filenames.
170.It Fl o
171Disable support for RFC2347 style TFTP Options.
172.It Fl s Ar directory
173Cause
174.Nm
175to change its root directory to
176.Ar directory .
177After doing that but before accepting commands,
178.Nm
179will switch credentials to an unprivileged user.
180.It Fl u Ar user
181Switch credentials to
182.Ar user
183(default
184.Dq Li nobody )
185when the
186.Fl s
187option is used.
188The user must be specified by name, not a numeric UID.
189.It Fl U Ar umask
190Set the
191.Ar umask
192for newly created files.
193The default is 022
194.Pq Dv S_IWGRP | S_IWOTH .
195.It Fl w
196Allow write requests to create new files.
197By default
198.Nm
199requires that the file specified in a write request exist.
200Note that this only works in directories writable by the user
201specified with
202.Fl u
203option
204.It Fl W
205As
206.Fl w
207but append a YYYYMMDD.nn sequence number to the end of the filename.
208Note that the string YYYYMMDD can be changed with the
209.Fl F
210option.
211.El
212.Sh SEE ALSO
213.Xr tftp 1 ,
214.Xr chroot 2 ,
215.Xr syslog 3 ,
216.Xr inetd.conf 5 ,
217.Xr services 5 ,
218.Xr syslog.conf 5 ,
219.Xr inetd 8
220.Rs
221.%A K. R. Sollins
222.%T The TFTP Protocol (Revision 2)
223.%D July 1992
224.%O RFC 1350, STD 33
225.Re
226.Sh HISTORY
227The
228.Nm
229utility appeared in
230.Bx 4.2 ;
231the
232.Fl s
233option was introduced in
234.Fx 2.2 ,
235the
236.Fl u
237option was introduced in
238.Fx 4.2 ,
239the
240.Fl c
241option was introduced in
242.Fx 4.3 ,
243and the
244.Fl F
245and
246.Fl W
247options were introduced in
248.Fx 7.4 .
249.Pp
250Support for Timeout Interval and Transfer Size Options (RFC2349)
251was introduced in
252.Fx 5.0 ,
253support for the TFTP Blocksize Option (RFC2348) and the blksize2 option
254was introduced in
255.Fx 7.4 .
256.Sh BUGS
257Files larger than 33488896 octets (65535 blocks) cannot be transferred
258without client and server supporting blocksize negotiation (RFC2348).
259.Pp
260Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
261