1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD: src/libexec/tftpd/tftpd.8,v 1.6.2.6 2003/04/06 19:42:56 dwmalone Exp $ 30.\" 31.Dd September 14, 2000 32.Dt TFTPD 8 33.Os 34.Sh NAME 35.Nm tftpd 36.Nd Internet Trivial File Transfer Protocol server 37.Sh SYNOPSIS 38.Nm /usr/libexec/tftpd 39.Op Fl cCln 40.Op Fl s Ar directory 41.Op Fl u Ar user 42.Op Ar directory ... 43.Sh DESCRIPTION 44The 45.Nm 46utility is a server which supports the 47Internet Trivial File Transfer 48Protocol 49.Pq Tn RFC 1350 . 50The 51.Tn TFTP 52server operates 53at the port indicated in the 54.Ql tftp 55service description; 56see 57.Xr services 5 . 58The server is normally started by 59.Xr inetd 8 . 60.Pp 61The use of 62.Xr tftp 1 63does not require an account or password on the remote system. 64Due to the lack of authentication information, 65.Nm 66will allow only publicly readable files to be 67accessed. 68Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with 69``\|\fB.\|.\fP\|/'' are not allowed. 70Files may be written only if they already exist and are publicly writable. 71Note that this extends the concept of 72.Dq public 73to include 74all users on all hosts that can be reached through the network; 75this may not be appropriate on all systems, and its implications 76should be considered before enabling tftp service. 77The server should have the user ID with the lowest possible privilege. 78.Pp 79Access to files may be restricted by invoking 80.Nm 81with a list of directories by including up to 20 pathnames 82as server program arguments in 83.Pa /etc/inetd.conf . 84In this case access is restricted to files whose 85names are prefixed by one of the given directories. 86The given directories are also treated as a search path for 87relative filename requests. 88.Pp 89The 90.Fl s 91option provides additional security by changing 92.Nm Ns No 's 93root directory, thereby prohibiting accesses outside of the specified 94.Ar directory . 95Because 96.Xr chroot 2 97requires super-user privileges, 98.Nm 99must be run as root. 100However, after performing the 101.Fn chroot , 102.Nm 103will set its user id to that of the specified 104.Ar user , 105or 106.Dq nobody 107if no 108.Fl u 109option is specified. 110.Pp 111The options are: 112.Bl -tag -width Ds 113.It Fl c 114Changes the default root directory of a connecting host via chroot based on the 115connecting IP address. 116This prevents multiple clients from writing to the same file at the same time. 117If the directory does not exist, the client connection is refused. 118The 119.Fl s 120option is required for 121.Fl c 122and the specified 123.Ar directory 124is used as a base. 125.It Fl C 126Operates the same as 127.Fl c 128except it falls back to 129.Fl s Ns No 's 130.Ar directory 131if a directory does not exist for the client's IP. 132.It Fl l 133Log all requests using 134.Xr syslog 3 135with the facility of 136.Dv LOG_FTP . 137Note: Logging of 138.Dv LOG_FTP 139messages 140must also be enabled in the syslog configuration file, 141.Xr syslog.conf 5 . 142.It Fl n 143Suppress negative acknowledgement of requests for nonexistent 144relative filenames. 145.It Fl s Ar directory 146Cause 147.Nm 148to change its root directory to 149.Pa directory . 150After changing roots but before accepting commands, 151.Nm 152will switch credentials to an unprivileged user. 153.It Fl u Ar user 154Switch credentials to 155.Ar user 156(default 157.Dq nobody ) 158when the 159.Fl s 160option is used. 161The user must be specified by name, not a numeric UID. 162.El 163.Sh SEE ALSO 164.Xr tftp 1 , 165.Xr chroot 2 , 166.Xr inetd 8 , 167.Xr syslogd 8 168.Rs 169.%A K. R. Sollins 170.%T The TFTP Protocol (Revision 2) 171.%D July 1992 172.%O RFC 1350, STD 33 173.Re 174.Sh HISTORY 175The 176.Nm 177utility appeared in 178.Bx 4.2 ; 179the 180.Fl s 181option was introduced in 182.Fx 2.2 , 183the 184.Fl u 185option was introduced in 186.Fx 4.2 , 187and the 188.Fl c 189option was introduced in 190.Fx 4.3 . 191.Sh BUGS 192Files larger than 33488896 octets (65535 blocks) cannot be transferred 193without client and server supporting blocksize negotiation (RFC 1783). 194.Pp 195Many tftp clients will not transfer files over 16744448 octets (32767 blocks). 196