xref: /freebsd/libexec/tftpd/tftpd.8 (revision aa1a8ff2d6dbc51ef058f46f3db5a8bb77967145)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.Dd July 20, 2023
29.Dt TFTPD 8
30.Os
31.Sh NAME
32.Nm tftpd
33.Nd Internet Trivial File Transfer Protocol server
34.Sh SYNOPSIS
35.Nm tftpd
36.Op Fl cdClnow
37.Op Fl F Ar strftime-format
38.Op Fl s Ar directory
39.Op Fl u Ar user
40.Op Fl U Ar umask
41.Op Ar directory ...
42.Sh DESCRIPTION
43The
44.Nm
45utility is a server which supports the
46Internet Trivial File Transfer
47Protocol
48.Pq Tn RFC 1350 .
49The
50.Tn TFTP
51server operates
52at the port indicated in the
53.Ql tftp
54service description;
55see
56.Xr services 5 .
57The server is normally started by
58.Xr inetd 8 .
59.Pp
60The use of
61.Xr tftp 1
62does not require an account or password on the remote system.
63Due to the lack of authentication information,
64.Nm
65will allow only publicly readable files to be
66accessed.
67Files containing the string
68.Dq Li "/../"
69or starting with
70.Dq Li "../"
71are not allowed.
72Files may be written only if they already exist (unless the
73.Fl w
74option is used) and are publicly writable (unless chrooted and the
75.Fl S
76option is used).
77Note that this extends the concept of
78.Dq public
79to include
80all users on all hosts that can be reached through the network;
81this may not be appropriate on all systems, and its implications
82should be considered before enabling tftp service.
83The server should have the user ID with the lowest possible privilege.
84.Pp
85Access to files may be restricted by invoking
86.Nm
87with a list of directories by including up to 20 pathnames
88as server program arguments in
89.Xr inetd.conf 5 .
90In this case access is restricted to files whose
91names are prefixed by the one of the given directories.
92The given directories are also treated as a search path for
93relative filename requests.
94.Pp
95The
96.Fl s
97option provides additional security by changing
98the root directory of
99.Nm ,
100thereby prohibiting accesses to outside of the specified
101.Ar directory .
102Because
103.Xr chroot 2
104requires super-user privileges,
105.Nm
106must be run as
107.Li root .
108However, after performing the
109.Xr chroot 2
110call,
111.Nm
112will set its user ID to that of the specified
113.Ar user ,
114or
115.Dq Li nobody
116if no
117.Fl u
118option is specified.
119.Pp
120The options are:
121.Bl -tag -width Ds
122.It Fl c
123Changes the default root directory of a connecting host via
124.Xr chroot 2
125based on the connecting IP address.
126This prevents multiple clients from writing to the same file at the same time.
127If the directory does not exist, the client connection is refused.
128The
129.Fl s
130option is required for
131.Fl c
132and the specified
133.Ar directory
134is used as a base.
135.It Fl C
136Operates the same as
137.Fl c
138except it falls back to
139.Ar directory
140specified via
141.Fl s
142if a directory does not exist for the client's IP.
143.It Fl F
144Use this
145.Xr strftime 3
146compatible format string for the creation of the suffix if
147.Fl W
148is specified.
149By default the string "%Y%m%d" is used.
150.It Fl d, d Ar [value]
151Enables debug output.
152If
153.Ar value
154is not specified, then the debug level is increased by one
155for each instance of
156.Fl d
157which is specified.
158.Pp
159If
160.Ar value
161is specified, then the debug level is set to
162.Ar value .
163The debug level is a bitmask implemented in
164.Pa src/libexec/tftpd/tftp-utils.h .
165Valid values are 0 (DEBUG_NONE), 1 (DEBUG_PACKETS), 2, (DEBUG_SIMPLE),
1664 (DEBUG_OPTIONS), and 8 (DEBUG_ACCESS).  Multiple debug values can be combined
167in the bitmask by logically OR'ing the values.  For example, specifying
168.Fl d
169.Ar 15
170will enable all the debug values.
171.It Fl l
172Log all requests using
173.Xr syslog 3
174with the facility of
175.Dv LOG_FTP .
176.Sy Note :
177Logging of
178.Dv LOG_FTP
179messages
180must also be enabled in the syslog configuration file,
181.Xr syslog.conf 5 .
182.It Fl n
183Suppress negative acknowledgement of requests for nonexistent
184relative filenames.
185.It Fl o
186Disable support for RFC2347 style TFTP Options.
187.It Fl s Ar directory
188Cause
189.Nm
190to change its root directory to
191.Ar directory .
192After doing that but before accepting commands,
193.Nm
194will switch credentials to an unprivileged user.
195.It Fl S
196If
197.Nm
198runs chrooted, the option allows write requests according to generic
199file permissions, skipping requirement for files to be publicly writable.
200The option is ignored for non-chrooted run.
201.It Fl u Ar user
202Switch credentials to
203.Ar user
204(default
205.Dq Li nobody )
206when the
207.Fl s
208option is used.
209The user must be specified by name, not a numeric UID.
210.It Fl U Ar umask
211Set the
212.Ar umask
213for newly created files.
214The default is 022
215.Pq Dv S_IWGRP | S_IWOTH .
216.It Fl w
217Allow write requests to create new files.
218By default
219.Nm
220requires that the file specified in a write request exist.
221Note that this only works in directories writable by the user
222specified with
223.Fl u
224option
225.It Fl W
226As
227.Fl w
228but append a YYYYMMDD.nn sequence number to the end of the filename.
229Note that the string YYYYMMDD can be changed with the
230.Fl F
231option.
232.El
233.Sh SEE ALSO
234.Xr tftp 1 ,
235.Xr chroot 2 ,
236.Xr syslog 3 ,
237.Xr inetd.conf 5 ,
238.Xr services 5 ,
239.Xr syslog.conf 5 ,
240.Xr inetd 8
241.Pp
242The following RFC's are supported:
243.Rs
244.%T RFC 1350: The TFTP Protocol (Revision 2)
245.Re
246.Rs
247.%T RFC 2347: TFTP Option Extension
248.Re
249.Rs
250.%T RFC 2348: TFTP Blocksize Option
251.Re
252.Rs
253.%T RFC 2349: TFTP Timeout Interval and Transfer Size Options
254.Re
255.Rs
256.%T RFC 7440: TFTP Windowsize Option
257.Re
258.Pp
259The non-standard
260.Cm rollover
261and
262.Cm blksize2
263TFTP options are mentioned here:
264.Rs
265.%T Extending TFTP
266.%U http://www.compuphase.com/tftp.htm
267.Re
268.Sh HISTORY
269The
270.Nm
271utility appeared in
272.Bx 4.2 ;
273the
274.Fl s
275option was introduced in
276.Fx 2.2 ,
277the
278.Fl u
279option was introduced in
280.Fx 4.2 ,
281the
282.Fl c
283option was introduced in
284.Fx 4.3 ,
285the
286.Fl F
287and
288.Fl W
289options were introduced in
290.Fx 7.4 ,
291and the
292.Fl S
293option was introduced in
294.Fx 13.3 .
295.Pp
296Support for Timeout Interval and Transfer Size Options (RFC2349)
297was introduced in
298.Fx 5.0 ,
299support for the TFTP Blocksize Option (RFC2348) and the blksize2 option
300was introduced in
301.Fx 7.4 .
302.Pp
303Edwin Groothuis <edwin@FreeBSD.org> performed a major rewrite of the
304.Nm
305and
306.Xr tftp 1
307code to support RFC2348.
308.Pp
309Support for the windowsize option (RFC7440) was introduced in
310.Fx 13.0 .
311.Sh NOTES
312Files larger than 33,553,919 octets (65535 blocks, last one <512
313octets) cannot be correctly transferred without client and server
314supporting blocksize negotiation (RFCs 2347 and 2348),
315or the non-standard TFTP rollover option.
316As a kludge,
317.Nm
318accepts a sequence of block number which wrap to zero after 65535,
319even if the rollover option is not specified.
320.Pp
321Many tftp clients will not transfer files over 16,776,703 octets
322(32767 blocks), as they incorrectly count the block number using
323a signed rather than unsigned 16-bit integer.
324