xref: /freebsd/libexec/tftpd/tftpd.8 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"	@(#)tftpd.8	8.1 (Berkeley) 6/4/93
33.\" $FreeBSD$
34.\"
35.Dd September 14, 2000
36.Dt TFTPD 8
37.Os
38.Sh NAME
39.Nm tftpd
40.Nd Internet Trivial File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm tftpd
43.Op Fl cClnwW
44.Op Fl F Ar strftime-format
45.Op Fl s Ar directory
46.Op Fl u Ar user
47.Op Fl U Ar umask
48.Op Ar directory ...
49.Sh DESCRIPTION
50The
51.Nm
52utility is a server which supports the
53Internet Trivial File Transfer
54Protocol
55.Pq Tn RFC 1350 .
56The
57.Tn TFTP
58server operates
59at the port indicated in the
60.Ql tftp
61service description;
62see
63.Xr services 5 .
64The server is normally started by
65.Xr inetd 8 .
66.Pp
67The use of
68.Xr tftp 1
69does not require an account or password on the remote system.
70Due to the lack of authentication information,
71.Nm
72will allow only publicly readable files to be
73accessed.
74Files containing the string
75.Dq Li "/../"
76or starting with
77.Dq Li "../"
78are not allowed.
79Files may be written only if they already exist and are publicly writable.
80Note that this extends the concept of
81.Dq public
82to include
83all users on all hosts that can be reached through the network;
84this may not be appropriate on all systems, and its implications
85should be considered before enabling tftp service.
86The server should have the user ID with the lowest possible privilege.
87.Pp
88Access to files may be restricted by invoking
89.Nm
90with a list of directories by including up to 20 pathnames
91as server program arguments in
92.Xr inetd.conf 5 .
93In this case access is restricted to files whose
94names are prefixed by the one of the given directories.
95The given directories are also treated as a search path for
96relative filename requests.
97.Pp
98The
99.Fl s
100option provides additional security by changing
101the root directory of
102.Nm ,
103thereby prohibiting accesses to outside of the specified
104.Ar directory .
105Because
106.Xr chroot 2
107requires super-user privileges,
108.Nm
109must be run as
110.Li root .
111However, after performing the
112.Xr chroot 2
113call,
114.Nm
115will set its user ID to that of the specified
116.Ar user ,
117or
118.Dq Li nobody
119if no
120.Fl u
121option is specified.
122.Pp
123The options are:
124.Bl -tag -width Ds
125.It Fl c
126Changes the default root directory of a connecting host via
127.Xr chroot 2
128based on the connecting IP address.
129This prevents multiple clients from writing to the same file at the same time.
130If the directory does not exist, the client connection is refused.
131The
132.Fl s
133option is required for
134.Fl c
135and the specified
136.Ar directory
137is used as a base.
138.It Fl C
139Operates the same as
140.Fl c
141except it falls back to
142.Ar directory
143specified via
144.Fl s
145if a directory does not exist for the client's IP.
146.It Fl F
147Use this
148.Xr strftime 3
149compatible format string for the creation of the suffix if
150.Fl W
151is specified.
152By default the string "%Y%m%d" is used.
153.It Fl l
154Log all requests using
155.Xr syslog 3
156with the facility of
157.Dv LOG_FTP .
158.Sy Note :
159Logging of
160.Dv LOG_FTP
161messages
162must also be enabled in the syslog configuration file,
163.Xr syslog.conf 5 .
164.It Fl n
165Suppress negative acknowledgement of requests for nonexistent
166relative filenames.
167.It Fl s Ar directory
168Cause
169.Nm
170to change its root directory to
171.Ar directory .
172After doing that but before accepting commands,
173.Nm
174will switch credentials to an unprivileged user.
175.It Fl u Ar user
176Switch credentials to
177.Ar user
178(default
179.Dq Li nobody )
180when the
181.Fl s
182option is used.
183The user must be specified by name, not a numeric UID.
184.It Fl U Ar umask
185Set the
186.Ar umask
187for newly created files.
188The default is 022
189.Pq Dv S_IWGRP | S_IWOTH .
190.It Fl w
191Allow write requests to create new files.
192By default
193.Nm
194requires that the file specified in a write request exist.
195Note that this only works in directories writable by the user
196specified with
197.Fl u
198option
199.It Fl W
200As
201.Fl w
202but append a YYYYMMDD.nn sequence number to the end of the filename.
203Note that the string YYYYMMDD can be changed with the
204.Fl F
205option.
206.El
207.Sh SEE ALSO
208.Xr tftp 1 ,
209.Xr chroot 2 ,
210.Xr syslog 3 ,
211.Xr inetd.conf 5 ,
212.Xr services 5 ,
213.Xr syslog.conf 5 ,
214.Xr inetd 8
215.Rs
216.%A K. R. Sollins
217.%T The TFTP Protocol (Revision 2)
218.%D July 1992
219.%O RFC 1350, STD 33
220.Re
221.Sh HISTORY
222The
223.Nm
224utility appeared in
225.Bx 4.2 ;
226the
227.Fl s
228option was introduced in
229.Fx 2.2 ,
230the
231.Fl u
232option was introduced in
233.Fx 4.2 ,
234the
235.Fl c
236option was introduced in
237.Fx 4.3 ,
238and the
239.Fl F
240and
241.Fl W
242options were introduced in
243.Fx 7 .
244.Pp
245.Sh BUGS
246Files larger than 33488896 octets (65535 blocks) cannot be transferred
247without client and server supporting blocksize negotiation (RFC1783).
248.Pp
249Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
250