xref: /freebsd/libexec/tftpd/tftpd.8 (revision da5432eda807c4b7232d030d5157d5b417ea4f52)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)tftpd.8	8.1 (Berkeley) 6/4/93
29.\" $FreeBSD$
30.\"
31.Dd July 20, 2023
32.Dt TFTPD 8
33.Os
34.Sh NAME
35.Nm tftpd
36.Nd Internet Trivial File Transfer Protocol server
37.Sh SYNOPSIS
38.Nm tftpd
39.Op Fl cdClnow
40.Op Fl F Ar strftime-format
41.Op Fl s Ar directory
42.Op Fl u Ar user
43.Op Fl U Ar umask
44.Op Ar directory ...
45.Sh DESCRIPTION
46The
47.Nm
48utility is a server which supports the
49Internet Trivial File Transfer
50Protocol
51.Pq Tn RFC 1350 .
52The
53.Tn TFTP
54server operates
55at the port indicated in the
56.Ql tftp
57service description;
58see
59.Xr services 5 .
60The server is normally started by
61.Xr inetd 8 .
62.Pp
63The use of
64.Xr tftp 1
65does not require an account or password on the remote system.
66Due to the lack of authentication information,
67.Nm
68will allow only publicly readable files to be
69accessed.
70Files containing the string
71.Dq Li "/../"
72or starting with
73.Dq Li "../"
74are not allowed.
75Files may be written only if they already exist (unless the
76.Fl w
77option is used) and are publicly writable (unless chrooted and the
78.Fl S
79option is used).
80Note that this extends the concept of
81.Dq public
82to include
83all users on all hosts that can be reached through the network;
84this may not be appropriate on all systems, and its implications
85should be considered before enabling tftp service.
86The server should have the user ID with the lowest possible privilege.
87.Pp
88Access to files may be restricted by invoking
89.Nm
90with a list of directories by including up to 20 pathnames
91as server program arguments in
92.Xr inetd.conf 5 .
93In this case access is restricted to files whose
94names are prefixed by the one of the given directories.
95The given directories are also treated as a search path for
96relative filename requests.
97.Pp
98The
99.Fl s
100option provides additional security by changing
101the root directory of
102.Nm ,
103thereby prohibiting accesses to outside of the specified
104.Ar directory .
105Because
106.Xr chroot 2
107requires super-user privileges,
108.Nm
109must be run as
110.Li root .
111However, after performing the
112.Xr chroot 2
113call,
114.Nm
115will set its user ID to that of the specified
116.Ar user ,
117or
118.Dq Li nobody
119if no
120.Fl u
121option is specified.
122.Pp
123The options are:
124.Bl -tag -width Ds
125.It Fl c
126Changes the default root directory of a connecting host via
127.Xr chroot 2
128based on the connecting IP address.
129This prevents multiple clients from writing to the same file at the same time.
130If the directory does not exist, the client connection is refused.
131The
132.Fl s
133option is required for
134.Fl c
135and the specified
136.Ar directory
137is used as a base.
138.It Fl C
139Operates the same as
140.Fl c
141except it falls back to
142.Ar directory
143specified via
144.Fl s
145if a directory does not exist for the client's IP.
146.It Fl F
147Use this
148.Xr strftime 3
149compatible format string for the creation of the suffix if
150.Fl W
151is specified.
152By default the string "%Y%m%d" is used.
153.It Fl d, d Ar [value]
154Enables debug output.
155If
156.Ar value
157is not specified, then the debug level is increased by one
158for each instance of
159.Fl d
160which is specified.
161.Pp
162If
163.Ar value
164is specified, then the debug level is set to
165.Ar value .
166The debug level is a bitmask implemented in
167.Pa src/libexec/tftpd/tftp-utils.h .
168Valid values are 0 (DEBUG_NONE), 1 (DEBUG_PACKETS), 2, (DEBUG_SIMPLE),
1694 (DEBUG_OPTIONS), and 8 (DEBUG_ACCESS).  Multiple debug values can be combined
170in the bitmask by logically OR'ing the values.  For example, specifying
171.Fl d
172.Ar 15
173will enable all the debug values.
174.It Fl l
175Log all requests using
176.Xr syslog 3
177with the facility of
178.Dv LOG_FTP .
179.Sy Note :
180Logging of
181.Dv LOG_FTP
182messages
183must also be enabled in the syslog configuration file,
184.Xr syslog.conf 5 .
185.It Fl n
186Suppress negative acknowledgement of requests for nonexistent
187relative filenames.
188.It Fl o
189Disable support for RFC2347 style TFTP Options.
190.It Fl s Ar directory
191Cause
192.Nm
193to change its root directory to
194.Ar directory .
195After doing that but before accepting commands,
196.Nm
197will switch credentials to an unprivileged user.
198.It Fl S
199If
200.Nm
201runs chrooted, the option allows write requests according to generic
202file permissions, skipping requirement for files to be publicly writable.
203The option is ignored for non-chrooted run.
204.It Fl u Ar user
205Switch credentials to
206.Ar user
207(default
208.Dq Li nobody )
209when the
210.Fl s
211option is used.
212The user must be specified by name, not a numeric UID.
213.It Fl U Ar umask
214Set the
215.Ar umask
216for newly created files.
217The default is 022
218.Pq Dv S_IWGRP | S_IWOTH .
219.It Fl w
220Allow write requests to create new files.
221By default
222.Nm
223requires that the file specified in a write request exist.
224Note that this only works in directories writable by the user
225specified with
226.Fl u
227option
228.It Fl W
229As
230.Fl w
231but append a YYYYMMDD.nn sequence number to the end of the filename.
232Note that the string YYYYMMDD can be changed with the
233.Fl F
234option.
235.El
236.Sh SEE ALSO
237.Xr tftp 1 ,
238.Xr chroot 2 ,
239.Xr syslog 3 ,
240.Xr inetd.conf 5 ,
241.Xr services 5 ,
242.Xr syslog.conf 5 ,
243.Xr inetd 8
244.Pp
245The following RFC's are supported:
246.Rs
247.%T RFC 1350: The TFTP Protocol (Revision 2)
248.Re
249.Rs
250.%T RFC 2347: TFTP Option Extension
251.Re
252.Rs
253.%T RFC 2348: TFTP Blocksize Option
254.Re
255.Rs
256.%T RFC 2349: TFTP Timeout Interval and Transfer Size Options
257.Re
258.Rs
259.%T RFC 7440: TFTP Windowsize Option
260.Re
261.Pp
262The non-standard
263.Cm rollover
264and
265.Cm blksize2
266TFTP options are mentioned here:
267.Rs
268.%T Extending TFTP
269.%U http://www.compuphase.com/tftp.htm
270.Re
271.Sh HISTORY
272The
273.Nm
274utility appeared in
275.Bx 4.2 ;
276the
277.Fl s
278option was introduced in
279.Fx 2.2 ,
280the
281.Fl u
282option was introduced in
283.Fx 4.2 ,
284the
285.Fl c
286option was introduced in
287.Fx 4.3 ,
288the
289.Fl F
290and
291.Fl W
292options were introduced in
293.Fx 7.4 ,
294and the
295.Fl S
296option was introduced in
297.Fx 13.3 .
298.Pp
299Support for Timeout Interval and Transfer Size Options (RFC2349)
300was introduced in
301.Fx 5.0 ,
302support for the TFTP Blocksize Option (RFC2348) and the blksize2 option
303was introduced in
304.Fx 7.4 .
305.Pp
306Edwin Groothuis <edwin@FreeBSD.org> performed a major rewrite of the
307.Nm
308and
309.Xr tftp 1
310code to support RFC2348.
311.Pp
312Support for the windowsize option (RFC7440) was introduced in
313.Fx 13.0 .
314.Sh NOTES
315Files larger than 33,553,919 octets (65535 blocks, last one <512
316octets) cannot be correctly transferred without client and server
317supporting blocksize negotiation (RFCs 2347 and 2348),
318or the non-standard TFTP rollover option.
319As a kludge,
320.Nm
321accepts a sequence of block number which wrap to zero after 65535,
322even if the rollover option is not specified.
323.Pp
324Many tftp clients will not transfer files over 16,776,703 octets
325(32767 blocks), as they incorrectly count the block number using
326a signed rather than unsigned 16-bit integer.
327