xref: /freebsd/libexec/tftpd/tftpd.8 (revision b28624fde638caadd4a89f50c9b7e7da0f98c4d2)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"	@(#)tftpd.8	8.1 (Berkeley) 6/4/93
33.\" $FreeBSD$
34.\"
35.Dd September 14, 2000
36.Dt TFTPD 8
37.Os
38.Sh NAME
39.Nm tftpd
40.Nd Internet Trivial File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm tftpd
43.Op Fl cClnw
44.Op Fl s Ar directory
45.Op Fl u Ar user
46.Op Fl U Ar umask
47.Op Ar directory ...
48.Sh DESCRIPTION
49The
50.Nm
51utility is a server which supports the
52Internet Trivial File Transfer
53Protocol
54.Pq Tn RFC 1350 .
55The
56.Tn TFTP
57server operates
58at the port indicated in the
59.Ql tftp
60service description;
61see
62.Xr services 5 .
63The server is normally started by
64.Xr inetd 8 .
65.Pp
66The use of
67.Xr tftp 1
68does not require an account or password on the remote system.
69Due to the lack of authentication information,
70.Nm
71will allow only publicly readable files to be
72accessed.
73Files containing the string
74.Dq Li "/../"
75or starting with
76.Dq Li "../"
77are not allowed.
78Files may be written only if they already exist and are publicly writable.
79Note that this extends the concept of
80.Dq public
81to include
82all users on all hosts that can be reached through the network;
83this may not be appropriate on all systems, and its implications
84should be considered before enabling tftp service.
85The server should have the user ID with the lowest possible privilege.
86.Pp
87Access to files may be restricted by invoking
88.Nm
89with a list of directories by including up to 20 pathnames
90as server program arguments in
91.Xr inetd.conf 5 .
92In this case access is restricted to files whose
93names are prefixed by the one of the given directories.
94The given directories are also treated as a search path for
95relative filename requests.
96.Pp
97The
98.Fl s
99option provides additional security by changing
100the root directory of
101.Nm ,
102thereby prohibiting accesses to outside of the specified
103.Ar directory .
104Because
105.Xr chroot 2
106requires super-user privileges,
107.Nm
108must be run as
109.Li root .
110However, after performing the
111.Xr chroot 2
112call,
113.Nm
114will set its user ID to that of the specified
115.Ar user ,
116or
117.Dq Li nobody
118if no
119.Fl u
120option is specified.
121.Pp
122The options are:
123.Bl -tag -width Ds
124.It Fl c
125Changes the default root directory of a connecting host via
126.Xr chroot 2
127based on the connecting IP address.
128This prevents multiple clients from writing to the same file at the same time.
129If the directory does not exist, the client connection is refused.
130The
131.Fl s
132option is required for
133.Fl c
134and the specified
135.Ar directory
136is used as a base.
137.It Fl C
138Operates the same as
139.Fl c
140except it falls back to
141.Ar directory
142specified via
143.Fl s
144if a directory does not exist for the client's IP.
145.It Fl l
146Log all requests using
147.Xr syslog 3
148with the facility of
149.Dv LOG_FTP .
150.Sy Note :
151Logging of
152.Dv LOG_FTP
153messages
154must also be enabled in the syslog configuration file,
155.Xr syslog.conf 5 .
156.It Fl n
157Suppress negative acknowledgement of requests for nonexistent
158relative filenames.
159.It Fl s Ar directory
160Cause
161.Nm
162to change its root directory to
163.Ar directory .
164After doing that but before accepting commands,
165.Nm
166will switch credentials to an unprivileged user.
167.It Fl u Ar user
168Switch credentials to
169.Ar user
170(default
171.Dq Li nobody )
172when the
173.Fl s
174option is used.
175The user must be specified by name, not a numeric UID.
176.It Fl U Ar umask
177Set the
178.Ar umask
179for newly created files.
180The default is 022
181.Pq Dv S_IWGRP | S_IWOTH .
182.It Fl w
183Allow write requests to create new files.
184By default
185.Nm
186requires that the file specified in a write request exist.
187.El
188.Sh SEE ALSO
189.Xr tftp 1 ,
190.Xr chroot 2 ,
191.Xr syslog 3 ,
192.Xr inetd.conf 5 ,
193.Xr services 5 ,
194.Xr syslog.conf 5 ,
195.Xr inetd 8
196.Rs
197.%A K. R. Sollins
198.%T The TFTP Protocol (Revision 2)
199.%D July 1992
200.%O RFC 1350, STD 33
201.Re
202.Sh HISTORY
203The
204.Nm
205utility appeared in
206.Bx 4.2 ;
207the
208.Fl s
209option was introduced in
210.Fx 2.2 ,
211the
212.Fl u
213option was introduced in
214.Fx 4.2 ,
215and the
216.Fl c
217option was introduced in
218.Fx 4.3 .
219.Sh BUGS
220Files larger than 33488896 octets (65535 blocks) cannot be transferred
221without client and server supporting blocksize negotiation (RFC1783).
222.Pp
223Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
224