.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93
.\"
.Dd July 20, 2023
.Dt TFTPD 8
.Os
.Sh NAME
.Nm tftpd
.Nd Internet Trivial File Transfer Protocol server
.Sh SYNOPSIS
.Nm tftpd
.Op Fl cdClnow
.Op Fl F Ar strftime-format
.Op Fl s Ar directory
.Op Fl u Ar user
.Op Fl U Ar umask
.Op Ar directory ...
.Sh DESCRIPTION
The
.Nm
utility is a server which supports the
Internet Trivial File Transfer
Protocol
.Pq Tn RFC 1350 .
The
.Tn TFTP
server operates
at the port indicated in the
.Ql tftp
service description;
see
.Xr services 5 .
The server is normally started by
.Xr inetd 8 .
.Pp
The use of
.Xr tftp 1
does not require an account or password on the remote system.
Due to the lack of authentication information,
.Nm
will allow only publicly readable files to be
accessed.
Files containing the string
.Dq Li "/../"
or starting with
.Dq Li "../"
are not allowed.
Files may be written only if they already exist (unless the
.Fl w
option is used) and are publicly writable (unless chrooted and the
.Fl S
option is used).
Note that this extends the concept of
.Dq public
to include
all users on all hosts that can be reached through the network;
this may not be appropriate on all systems, and its implications
should be considered before enabling tftp service.
The server should have the user ID with the lowest possible privilege.
.Pp
Access to files may be restricted by invoking
.Nm
with a list of directories by including up to 20 pathnames
as server program arguments in
.Xr inetd.conf 5 .
In this case access is restricted to files whose
names are prefixed by one of the given directories.
The given directories are also treated as a search path for
relative filename requests.
.Pp
The
.Fl s
option provides additional security by changing
the root directory of
.Nm ,
thereby prohibiting accesses to outside of the specified
.Ar directory .
Because
.Xr chroot 2
requires super-user privileges,
.Nm
must be run as
.Li root .
However, after performing the
.Xr chroot 2
call,
.Nm
will set its user ID to that of the specified
.Ar user ,
or
.Dq Li nobody
if no
.Fl u
option is specified.
.Pp
The options are:
.Bl -tag -width Ds
.It Fl c
Changes the default root directory of a connecting host via
.Xr chroot 2
based on the connecting IP address.
This prevents multiple clients from writing to the same file at the same time.
If the directory does not exist, the client connection is refused.
The
.Fl s
option is required for
.Fl c
and the specified
.Ar directory
is used as a base.
.It Fl C
Operates the same as
.Fl c
except it falls back to
.Ar directory
specified via
.Fl s
if a directory does not exist for the client's IP.
.It Fl F
Use this
.Xr strftime 3
compatible format string for the creation of the suffix if
.Fl W
is specified.
By default the string "%Y%m%d" is used.
.It Fl d, d Ar [value]
Enables debug output.
If
.Ar value
is not specified, then the debug level is increased by one
for each instance of
.Fl d
which is specified.
.Pp
If
.Ar value
is specified, then the debug level is set to
.Ar value .
The debug level is a bitmask implemented in
.Pa src/libexec/tftpd/tftp-utils.h .
Valid values are 0 (DEBUG_NONE), 1 (DEBUG_PACKETS), 2 (DEBUG_SIMPLE),
4 (DEBUG_OPTIONS), and 8 (DEBUG_ACCESS).
Multiple debug values can be combined
in the bitmask by logically OR'ing the values.
For example, specifying
.Fl d
.Ar 15
will enable all the debug values.
.It Fl l
Log all requests using
.Xr syslog 3
with the facility of
.Dv LOG_FTP .
.Sy Note :
Logging of
.Dv LOG_FTP
messages
must also be enabled in the syslog configuration file,
.Xr syslog.conf 5 .
.It Fl n
Suppress negative acknowledgement of requests for nonexistent
relative filenames.
.It Fl o
Disable support for RFC2347 style TFTP Options.
.It Fl s Ar directory
Cause
.Nm
to change its root directory to
.Ar directory .
After doing that but before accepting commands,
.Nm
will switch credentials to an unprivileged user.
.It Fl S
If
.Nm
runs chrooted, the option allows write requests according to generic
file permissions, skipping the requirement for files to be publicly writable.
The option is ignored for a non-chrooted run.
.It Fl u Ar user
Switch credentials to
.Ar user
(default
.Dq Li nobody )
when the
.Fl s
option is used.
The user must be specified by name, not a numeric UID.
.It Fl U Ar umask
Set the
.Ar umask
for newly created files.
The default is 022
.Pq Dv S_IWGRP | S_IWOTH .
.It Fl w
Allow write requests to create new files.
By default
.Nm
requires that the file specified in a write request exist.
Note that this only works in directories writable by the user
specified with the
.Fl u
option.
.It Fl W
As
.Fl w
but append a YYYYMMDD.nn sequence number to the end of the filename.
Note that the string YYYYMMDD can be changed with the
.Fl F
option.
.El
.Sh SEE ALSO
.Xr tftp 1 ,
.Xr chroot 2 ,
.Xr syslog 3 ,
.Xr inetd.conf 5 ,
.Xr services 5 ,
.Xr syslog.conf 5 ,
.Xr inetd 8
.Pp
The following RFCs are supported:
.Rs
.%T RFC 1350: The TFTP Protocol (Revision 2)
.Re
.Rs
.%T RFC 2347: TFTP Option Extension
.Re
.Rs
.%T RFC 2348: TFTP Blocksize Option
.Re
.Rs
.%T RFC 2349: TFTP Timeout Interval and Transfer Size Options
.Re
.Rs
.%T RFC 7440: TFTP Windowsize Option
.Re
.Pp
The non-standard
.Cm rollover
and
.Cm blksize2
TFTP options are mentioned here:
.Rs
.%T Extending TFTP
.%U http://www.compuphase.com/tftp.htm
.Re
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.2 ;
the
.Fl s
option was introduced in
.Fx 2.2 ,
the
.Fl u
option was introduced in
.Fx 4.2 ,
the
.Fl c
option was introduced in
.Fx 4.3 ,
the
.Fl F
and
.Fl W
options were introduced in
.Fx 7.4 ,
and the
.Fl S
option was introduced in
.Fx 13.3 .
.Pp
Support for Timeout Interval and Transfer Size Options (RFC2349)
was introduced in
.Fx 5.0 ,
support for the TFTP Blocksize Option (RFC2348) and the blksize2 option
was introduced in
.Fx 7.4 .
.Pp
Edwin Groothuis <edwin@FreeBSD.org> performed a major rewrite of the
.Nm
and
.Xr tftp 1
code to support RFC2348.
.Pp
Support for the windowsize option (RFC7440) was introduced in
.Fx 13.0 .
.Sh NOTES
Files larger than 33,553,919 octets (65535 blocks, last one <512
octets) cannot be correctly transferred without client and server
supporting blocksize negotiation (RFCs 2347 and 2348),
or the non-standard TFTP rollover option.
As a kludge,
.Nm
accepts a sequence of block numbers which wrap to zero after 65535,
even if the rollover option is not specified.
.Pp
Many tftp clients will not transfer files over 16,776,703 octets
(32767 blocks), as they incorrectly count the block number using
a signed rather than unsigned 16-bit integer.