1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd November 3, 2024 29.Dt TFTPD 8 30.Os 31.Sh NAME 32.Nm tftpd 33.Nd Internet Trivial File Transfer Protocol server 34.Sh SYNOPSIS 35.Nm tftpd 36.Op Fl bCcdlnoSw 37.Op Fl F Ar strftime-format 38.Op Fl s Ar directory 39.Op Fl U Ar umask 40.Op Fl u Ar user 41.Op Ar directory ... 42.Sh DESCRIPTION 43The 44.Nm 45utility is a server which supports the 46Internet Trivial File Transfer 47Protocol 48.Pq Tn RFC 1350 . 49The 50.Tn TFTP 51server operates 52at the port indicated in the 53.Ql tftp 54service description; 55see 56.Xr services 5 . 57The server is normally started by 58.Xr inetd 8 . 59.Pp 60The use of 61.Xr tftp 1 62does not require an account or password on the remote system. 63Due to the lack of authentication information, 64.Nm 65will allow only publicly readable files to be 66accessed. 67Files containing the string 68.Dq Li "/../" 69or starting with 70.Dq Li "../" 71are not allowed. 72Files may be written only if they already exist (unless the 73.Fl w 74option is used) and are publicly writable (unless chrooted and the 75.Fl S 76option is used). 77Note that this extends the concept of 78.Dq public 79to include 80all users on all hosts that can be reached through the network; 81this may not be appropriate on all systems, and its implications 82should be considered before enabling tftp service. 83The server should have the user ID with the lowest possible privilege. 84.Pp 85Access to files may be restricted by invoking 86.Nm 87with a list of directories by including up to 20 pathnames 88as server program arguments in 89.Xr inetd.conf 5 . 90In this case access is restricted to files whose 91names are prefixed by the one of the given directories. 92The given directories are also treated as a search path for 93relative filename requests. 94.Pp 95The 96.Fl s 97option provides additional security by changing 98the root directory of 99.Nm , 100thereby prohibiting accesses to outside of the specified 101.Ar directory . 102Because 103.Xr chroot 2 104requires super-user privileges, 105.Nm 106must be run as 107.Li root . 108However, after performing the 109.Xr chroot 2 110call, 111.Nm 112will set its user ID to that of the specified 113.Ar user , 114or 115.Dq Li nobody 116if no 117.Fl u 118option is specified. 119.Pp 120The options are: 121.Bl -tag -width Ds 122.It Fl b 123By default, 124.Nm 125expects an initial message to be available on its input socket. 126If no data is available, the server exits immediately. 127If 128.Fl b 129is specified, 130.Nm 131will block waiting for the initial message. 132.It Fl c 133Changes the default root directory of a connecting host via 134.Xr chroot 2 135based on the connecting IP address. 136This prevents multiple clients from writing to the same file at the same time. 137If the directory does not exist, the client connection is refused. 138The 139.Fl s 140option is required for 141.Fl c 142and the specified 143.Ar directory 144is used as a base. 145.It Fl C 146Operates the same as 147.Fl c 148except it falls back to 149.Ar directory 150specified via 151.Fl s 152if a directory does not exist for the client's IP. 153.It Fl F 154Use this 155.Xr strftime 3 156compatible format string for the creation of the suffix if 157.Fl W 158is specified. 159By default the string "%Y%m%d" is used. 160.It Fl d, d Ar [value] 161Enables debug output. 162If 163.Ar value 164is not specified, then the debug level is increased by one 165for each instance of 166.Fl d 167which is specified. 168.Pp 169If 170.Ar value 171is specified, then the debug level is set to 172.Ar value . 173The debug level is a bitmask implemented in 174.Pa src/libexec/tftpd/tftp-utils.h . 175Valid values are 0 (DEBUG_NONE), 1 (DEBUG_PACKETS), 2, (DEBUG_SIMPLE), 1764 (DEBUG_OPTIONS), and 8 (DEBUG_ACCESS). Multiple debug values can be combined 177in the bitmask by logically OR'ing the values. For example, specifying 178.Fl d 179.Ar 15 180will enable all the debug values. 181.It Fl l 182Log all requests using 183.Xr syslog 3 184with the facility of 185.Dv LOG_FTP . 186.Sy Note : 187Logging of 188.Dv LOG_FTP 189messages 190must also be enabled in the syslog configuration file, 191.Xr syslog.conf 5 . 192.It Fl n 193Suppress negative acknowledgement of requests for nonexistent 194relative filenames. 195.It Fl o 196Disable support for RFC2347 style TFTP Options. 197.It Fl s Ar directory 198Cause 199.Nm 200to change its root directory to 201.Ar directory . 202After doing that but before accepting commands, 203.Nm 204will switch credentials to an unprivileged user. 205.It Fl S 206If 207.Nm 208runs chrooted, the option allows write requests according to generic 209file permissions, skipping requirement for files to be publicly writable. 210The option is ignored for non-chrooted run. 211.It Fl u Ar user 212Switch credentials to 213.Ar user 214(default 215.Dq Li nobody ) 216when the 217.Fl s 218option is used. 219The user must be specified by name, not a numeric UID. 220.It Fl U Ar umask 221Set the 222.Ar umask 223for newly created files. 224The default is 022 225.Pq Dv S_IWGRP | S_IWOTH . 226.It Fl w 227Allow write requests to create new files. 228By default 229.Nm 230requires that the file specified in a write request exist. 231Note that this only works in directories writable by the user 232specified with 233.Fl u 234option 235.It Fl W 236As 237.Fl w 238but append a YYYYMMDD.nn sequence number to the end of the filename. 239Note that the string YYYYMMDD can be changed with the 240.Fl F 241option. 242.El 243.Sh SEE ALSO 244.Xr tftp 1 , 245.Xr chroot 2 , 246.Xr syslog 3 , 247.Xr inetd.conf 5 , 248.Xr services 5 , 249.Xr syslog.conf 5 , 250.Xr inetd 8 251.Pp 252The following RFC's are supported: 253.Rs 254.%T RFC 1350: The TFTP Protocol (Revision 2) 255.Re 256.Rs 257.%T RFC 2347: TFTP Option Extension 258.Re 259.Rs 260.%T RFC 2348: TFTP Blocksize Option 261.Re 262.Rs 263.%T RFC 2349: TFTP Timeout Interval and Transfer Size Options 264.Re 265.Rs 266.%T RFC 7440: TFTP Windowsize Option 267.Re 268.Pp 269The non-standard 270.Cm rollover 271and 272.Cm blksize2 273TFTP options are mentioned here: 274.Rs 275.%T Extending TFTP 276.%U http://www.compuphase.com/tftp.htm 277.Re 278.Sh HISTORY 279The 280.Nm 281utility appeared in 282.Bx 4.2 ; 283the 284.Fl s 285option was introduced in 286.Fx 2.2 , 287the 288.Fl u 289option was introduced in 290.Fx 4.2 , 291the 292.Fl c 293option was introduced in 294.Fx 4.3 , 295the 296.Fl F 297and 298.Fl W 299options were introduced in 300.Fx 7.4 , 301and the 302.Fl S 303option was introduced in 304.Fx 13.3 . 305.Pp 306Support for Timeout Interval and Transfer Size Options (RFC2349) 307was introduced in 308.Fx 5.0 , 309support for the TFTP Blocksize Option (RFC2348) and the blksize2 option 310was introduced in 311.Fx 7.4 . 312.Pp 313Edwin Groothuis <edwin@FreeBSD.org> performed a major rewrite of the 314.Nm 315and 316.Xr tftp 1 317code to support RFC2348. 318.Pp 319Support for the windowsize option (RFC7440) was introduced in 320.Fx 13.0 . 321.Sh NOTES 322Files larger than 33,553,919 octets (65535 blocks, last one <512 323octets) cannot be correctly transferred without client and server 324supporting blocksize negotiation (RFCs 2347 and 2348), 325or the non-standard TFTP rollover option. 326As a kludge, 327.Nm 328accepts a sequence of block number which wrap to zero after 65535, 329even if the rollover option is not specified. 330.Pp 331Many tftp clients will not transfer files over 16,776,703 octets 332(32767 blocks), as they incorrectly count the block number using 333a signed rather than unsigned 16-bit integer. 334