.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)tftpd.8	8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
.Dd July 20, 2023
.Dt TFTPD 8
.Os
.Sh NAME
.Nm tftpd
.Nd Internet Trivial File Transfer Protocol server
.Sh SYNOPSIS
.Nm tftpd
.Op Fl cdClnow
.Op Fl F Ar strftime-format
.Op Fl s Ar directory
.Op Fl u Ar user
.Op Fl U Ar umask
.Op Ar directory ...
.Sh DESCRIPTION
The
.Nm
utility is a server which supports the
Internet Trivial File Transfer
Protocol
.Pq Tn RFC 1350 .
The
.Tn TFTP
server operates
at the port indicated in the
.Ql tftp
service description;
see
.Xr services 5 .
The server is normally started by
.Xr inetd 8 .
.Pp
The use of
.Xr tftp 1
does not require an account or password on the remote system.
Due to the lack of authentication information,
.Nm
will allow only publicly readable files to be
accessed.
Files containing the string
.Dq Li "/../"
or starting with
.Dq Li "../"
are not allowed.
Files may be written only if they already exist (unless the
.Fl w
option is used) and are publicly writable (unless chrooted and the
.Fl S
option is used).
Note that this extends the concept of
.Dq public
to include
all users on all hosts that can be reached through the network;
this may not be appropriate on all systems, and its implications
should be considered before enabling tftp service.
The server should have the user ID with the lowest possible privilege.
.Pp
Access to files may be restricted by invoking
.Nm
with a list of directories by including up to 20 pathnames
as server program arguments in
.Xr inetd.conf 5 .
In this case access is restricted to files whose
names are prefixed by one of the given directories.
The given directories are also treated as a search path for
relative filename requests.
.Pp
The
.Fl s
option provides additional security by changing
the root directory of
.Nm ,
thereby prohibiting accesses to outside of the specified
.Ar directory .
Because
.Xr chroot 2
requires super-user privileges,
.Nm
must be run as
.Li root .
However, after performing the
.Xr chroot 2
call,
.Nm
will set its user ID to that of the specified
.Ar user ,
or
.Dq Li nobody
if no
.Fl u
option is specified.
.Pp
The options are:
.Bl -tag -width Ds
.It Fl c
Changes the default root directory of a connecting host via
.Xr chroot 2
based on the connecting IP address.
This prevents multiple clients from writing to the same file at the same time.
If the directory does not exist, the client connection is refused.
The
.Fl s
option is required for
.Fl c
and the specified
.Ar directory
is used as a base.
.It Fl C
Operates the same as
.Fl c
except it falls back to
.Ar directory
specified via
.Fl s
if a directory does not exist for the client's IP.
.It Fl F
Use this
.Xr strftime 3
compatible format string for the creation of the suffix if
.Fl W
is specified.
By default the string "%Y%m%d" is used.
.It Fl d, d Ar [value]
Enables debug output.
If
.Ar value
is not specified, then the debug level is increased by one
for each instance of
.Fl d
which is specified.
.Pp
If
.Ar value
is specified, then the debug level is set to
.Ar value .
The debug level is a bitmask implemented in
.Pa src/libexec/tftpd/tftp-utils.h .
Valid values are 0 (DEBUG_NONE), 1 (DEBUG_PACKETS), 2 (DEBUG_SIMPLE),
4 (DEBUG_OPTIONS), and 8 (DEBUG_ACCESS).
Multiple debug values can be combined
in the bitmask by logically OR'ing the values.
For example, specifying
.Fl d
.Ar 15
will enable all the debug values.
.It Fl l
Log all requests using
.Xr syslog 3
with the facility of
.Dv LOG_FTP .
.Sy Note :
Logging of
.Dv LOG_FTP
messages
must also be enabled in the syslog configuration file,
.Xr syslog.conf 5 .
.It Fl n
Suppress negative acknowledgement of requests for nonexistent
relative filenames.
.It Fl o
Disable support for RFC2347 style TFTP Options.
.It Fl s Ar directory
Cause
.Nm
to change its root directory to
.Ar directory .
After doing that but before accepting commands,
.Nm
will switch credentials to an unprivileged user.
.It Fl S
If
.Nm
runs chrooted, the option allows write requests according to generic
file permissions, skipping requirement for files to be publicly writable.
The option is ignored for non-chrooted run.
.It Fl u Ar user
Switch credentials to
.Ar user
(default
.Dq Li nobody )
when the
.Fl s
option is used.
The user must be specified by name, not a numeric UID.
.It Fl U Ar umask
Set the
.Ar umask
for newly created files.
The default is 022
.Pq Dv S_IWGRP | S_IWOTH .
.It Fl w
Allow write requests to create new files.
By default
.Nm
requires that the file specified in a write request exist.
Note that this only works in directories writable by the user
specified with
.Fl u
option.
.It Fl W
As
.Fl w
but append a YYYYMMDD.nn sequence number to the end of the filename.
Note that the string YYYYMMDD can be changed with the
.Fl F
option.
.El
.Sh SEE ALSO
.Xr tftp 1 ,
.Xr chroot 2 ,
.Xr syslog 3 ,
.Xr inetd.conf 5 ,
.Xr services 5 ,
.Xr syslog.conf 5 ,
.Xr inetd 8
.Pp
The following RFCs are supported:
.Rs
.%T RFC 1350: The TFTP Protocol (Revision 2)
.Re
.Rs
.%T RFC 2347: TFTP Option Extension
.Re
.Rs
.%T RFC 2348: TFTP Blocksize Option
.Re
.Rs
.%T RFC 2349: TFTP Timeout Interval and Transfer Size Options
.Re
.Rs
.%T RFC 7440: TFTP Windowsize Option
.Re
.Pp
The non-standard
.Cm rollover
and
.Cm blksize2
TFTP options are mentioned here:
.Rs
.%T Extending TFTP
.%U http://www.compuphase.com/tftp.htm
.Re
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.2 ;
the
.Fl s
option was introduced in
.Fx 2.2 ,
the
.Fl u
option was introduced in
.Fx 4.2 ,
the
.Fl c
option was introduced in
.Fx 4.3 ,
the
.Fl F
and
.Fl W
options were introduced in
.Fx 7.4 ,
and the
.Fl S
option was introduced in
.Fx 13.3 .
.Pp
Support for Timeout Interval and Transfer Size Options (RFC2349)
was introduced in
.Fx 5.0 ,
support for the TFTP Blocksize Option (RFC2348) and the blksize2 option
was introduced in
.Fx 7.4 .
.Pp
Edwin Groothuis <edwin@FreeBSD.org> performed a major rewrite of the
.Nm
and
.Xr tftp 1
code to support RFC2348.
.Pp
Support for the windowsize option (RFC7440) was introduced in
.Fx 13.0 .
.Sh NOTES
Files larger than 33,553,919 octets (65535 blocks, last one <512
octets) cannot be correctly transferred without client and server
supporting blocksize negotiation (RFCs 2347 and 2348),
or the non-standard TFTP rollover option.
As a kludge,
.Nm
accepts a sequence of block numbers which wraps to zero after 65535,
even if the rollover option is not specified.
.Pp
Many tftp clients will not transfer files over 16,776,703 octets
(32767 blocks), as they incorrectly count the block number using
a signed rather than unsigned 16-bit integer.
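
The filename rules from DESCRIPTION (no leading "../", no embedded "/../", and the directory-list restriction), written out as an added C example; this is not code from tftpd itself. The function names and the /tftpboot directory in the usage are hypothetical, the directory match is done on a path-component boundary (an assumption that is stricter than a plain string prefix), and the file-mode checks (publicly readable or writable) are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Documented rule: names starting with "../" or containing "/../" are refused. */
static bool has_dotdot(const char *name)
{
    return strncmp(name, "../", 3) == 0 || strstr(name, "/../") != NULL;
}

/* True if name lies under dir, with the match ending on a '/' boundary. */
static bool under_dir(const char *name, const char *dir)
{
    size_t n = strlen(dir);

    if (n == 0 || strncmp(name, dir, n) != 0)
        return false;
    return dir[n - 1] == '/' || name[n] == '/';
}

/*
 * Returns true if a requested name passes the checks described above.
 * dirs/ndirs stands for the directory list given as server arguments.
 * Relative names are accepted here because the directory list also
 * serves as their search path; resolving them is out of scope.
 */
bool name_allowed(const char *name, const char *const *dirs, size_t ndirs)
{
    if (name == NULL || *name == '\0' || has_dotdot(name))
        return false;
    if (ndirs == 0)
        return true;    /* no directory list: only the dot-dot rule applies */
    if (name[0] != '/')
        return true;    /* relative name: looked up along the search path */
    for (size_t i = 0; i < ndirs; i++)
        if (under_dir(name, dirs[i]))
            return true;
    return false;
}
```

With a directory list of /tftpboot, a request for /tftpboot-private/key is refused by the boundary check even though it shares the string prefix.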