xref: /freebsd/libexec/tftpd/tftpd.8 (revision bb15ca603fa442c72dde3f3cb8b46db6970e3950)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"	@(#)tftpd.8	8.1 (Berkeley) 6/4/93
33.\" $FreeBSD$
34.\"
35.Dd June 22, 2011
36.Dt TFTPD 8
37.Os
38.Sh NAME
39.Nm tftpd
40.Nd Internet Trivial File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm tftpd
43.Op Fl cdClnow
44.Op Fl F Ar strftime-format
45.Op Fl s Ar directory
46.Op Fl u Ar user
47.Op Fl U Ar umask
48.Op Ar directory ...
49.Sh DESCRIPTION
50The
51.Nm
52utility is a server which supports the
53Internet Trivial File Transfer
54Protocol
55.Pq Tn RFC 1350 .
56The
57.Tn TFTP
58server operates
59at the port indicated in the
60.Ql tftp
61service description;
62see
63.Xr services 5 .
64The server is normally started by
65.Xr inetd 8 .
66.Pp
67The use of
68.Xr tftp 1
69does not require an account or password on the remote system.
70Due to the lack of authentication information,
71.Nm
72will allow only publicly readable files to be
73accessed.
74Files containing the string
75.Dq Li "/../"
76or starting with
77.Dq Li "../"
78are not allowed.
79Files may be written only if they already exist and are publicly writable.
80Note that this extends the concept of
81.Dq public
82to include
83all users on all hosts that can be reached through the network;
84this may not be appropriate on all systems, and its implications
85should be considered before enabling tftp service.
86The server should have the user ID with the lowest possible privilege.
87.Pp
88Access to files may be restricted by invoking
89.Nm
90with a list of directories by including up to 20 pathnames
91as server program arguments in
92.Xr inetd.conf 5 .
93In this case access is restricted to files whose
94names are prefixed by the one of the given directories.
95The given directories are also treated as a search path for
96relative filename requests.
97.Pp
98The
99.Fl s
100option provides additional security by changing
101the root directory of
102.Nm ,
103thereby prohibiting accesses to outside of the specified
104.Ar directory .
105Because
106.Xr chroot 2
107requires super-user privileges,
108.Nm
109must be run as
110.Li root .
111However, after performing the
112.Xr chroot 2
113call,
114.Nm
115will set its user ID to that of the specified
116.Ar user ,
117or
118.Dq Li nobody
119if no
120.Fl u
121option is specified.
122.Pp
123The options are:
124.Bl -tag -width Ds
125.It Fl c
126Changes the default root directory of a connecting host via
127.Xr chroot 2
128based on the connecting IP address.
129This prevents multiple clients from writing to the same file at the same time.
130If the directory does not exist, the client connection is refused.
131The
132.Fl s
133option is required for
134.Fl c
135and the specified
136.Ar directory
137is used as a base.
138.It Fl C
139Operates the same as
140.Fl c
141except it falls back to
142.Ar directory
143specified via
144.Fl s
145if a directory does not exist for the client's IP.
146.It Fl F
147Use this
148.Xr strftime 3
149compatible format string for the creation of the suffix if
150.Fl W
151is specified.
152By default the string "%Y%m%d" is used.
153.It Fl d, d Ar [value]
154Enables debug output.
155If
156.Ar value
157is not specified, then the debug level is increased by one
158for each instance of
159.Fl d
160which is specified.
161.Pp
162If
163.Ar value
164is specified, then the debug level is set to
165.Ar value .
166The debug level is a bitmask implemented in
167.Pa src/libexec/tftpd/tftp-utils.h .
168Valid values are 0 (DEBUG_NONE), 1 (DEBUG_PACKETS), 2, (DEBUG_SIMPLE),
1694 (DEBUG_OPTIONS), and 8 (DEBUG_ACCESS).  Multiple debug values can be combined
170in the bitmask by logically OR'ing the values.  For example, specifying
171.Fl d
172.Ar 15
173will enable all the debug values.
174.It Fl l
175Log all requests using
176.Xr syslog 3
177with the facility of
178.Dv LOG_FTP .
179.Sy Note :
180Logging of
181.Dv LOG_FTP
182messages
183must also be enabled in the syslog configuration file,
184.Xr syslog.conf 5 .
185.It Fl n
186Suppress negative acknowledgement of requests for nonexistent
187relative filenames.
188.It Fl o
189Disable support for RFC2347 style TFTP Options.
190.It Fl s Ar directory
191Cause
192.Nm
193to change its root directory to
194.Ar directory .
195After doing that but before accepting commands,
196.Nm
197will switch credentials to an unprivileged user.
198.It Fl u Ar user
199Switch credentials to
200.Ar user
201(default
202.Dq Li nobody )
203when the
204.Fl s
205option is used.
206The user must be specified by name, not a numeric UID.
207.It Fl U Ar umask
208Set the
209.Ar umask
210for newly created files.
211The default is 022
212.Pq Dv S_IWGRP | S_IWOTH .
213.It Fl w
214Allow write requests to create new files.
215By default
216.Nm
217requires that the file specified in a write request exist.
218Note that this only works in directories writable by the user
219specified with
220.Fl u
221option
222.It Fl W
223As
224.Fl w
225but append a YYYYMMDD.nn sequence number to the end of the filename.
226Note that the string YYYYMMDD can be changed with the
227.Fl F
228option.
229.El
230.Sh SEE ALSO
231.Xr tftp 1 ,
232.Xr chroot 2 ,
233.Xr syslog 3 ,
234.Xr inetd.conf 5 ,
235.Xr services 5 ,
236.Xr syslog.conf 5 ,
237.Xr inetd 8
238.Pp
239The following RFC's are supported:
240.Rs
241RFC 1350
242.%T The TFTP Protocol (Revision 2)
243.Re
244.Rs
245RFC 2347
246.%T TFTP Option Extension
247.Re
248.Rs
249RFC 2348
250.%T TFTP Blocksize Option
251.Re
252.Rs
253RFC 2349
254.%T TFTP Timeout Interval and Transfer Size Options
255.Re
256.Pp
257The non-standard
258.Cm rollover
259and
260.Cm blksize2
261TFTP options are mentioned here:
262.Rs
263.%T Extending TFTP
264.%U http://www.compuphase.com/tftp.htm
265.Re
266.Sh HISTORY
267The
268.Nm
269utility appeared in
270.Bx 4.2 ;
271the
272.Fl s
273option was introduced in
274.Fx 2.2 ,
275the
276.Fl u
277option was introduced in
278.Fx 4.2 ,
279the
280.Fl c
281option was introduced in
282.Fx 4.3 ,
283and the
284.Fl F
285and
286.Fl W
287options were introduced in
288.Fx 7.4 .
289.Pp
290Support for Timeout Interval and Transfer Size Options (RFC2349)
291was introduced in
292.Fx 5.0 ,
293support for the TFTP Blocksize Option (RFC2348) and the blksize2 option
294was introduced in
295.Fx 7.4 .
296.Pp
297Edwin Groothuis <edwin@FreeBSD.org> performed a major rewrite of the
298.Nm
299and
300.Xr tftp 1
301code to support RFC2348.
302.Sh NOTES
303Files larger than 33,553,919 octets (65535 blocks, last one <512
304octets) cannot be correctly transferred without client and server
305supporting blocksize negotiation (RFCs 2347 and 2348),
306or the non-standard TFTP rollover option.
307As a kludge,
308.Nm
309accepts a sequence of block number which wrap to zero after 65535,
310even if the rollover option is not specified.
311.Pp
312Many tftp clients will not transfer files over 16,776,703 octets
313(32767 blocks), as they incorrectly count the block number using
314a signed rather than unsigned 16-bit integer.
315