1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD: src/libexec/tftpd/tftpd.8,v 1.6.2.6 2003/04/06 19:42:56 dwmalone Exp $ 30.\" $DragonFly: src/libexec/tftpd/tftpd.8,v 1.3 2007/11/23 23:16:36 swildner Exp $ 31.\" 32.Dd September 14, 2000 33.Dt TFTPD 8 34.Os 35.Sh NAME 36.Nm tftpd 37.Nd Internet Trivial File Transfer Protocol server 38.Sh SYNOPSIS 39.Nm /usr/libexec/tftpd 40.Op Fl cCln 41.Op Fl s Ar directory 42.Op Fl u Ar user 43.Op Ar directory ... 44.Sh DESCRIPTION 45The 46.Nm 47utility is a server which supports the 48Internet Trivial File Transfer 49Protocol 50.Pq Tn RFC 1350 . 51The 52.Tn TFTP 53server operates 54at the port indicated in the 55.Ql tftp 56service description; 57see 58.Xr services 5 . 59The server is normally started by 60.Xr inetd 8 . 61.Pp 62The use of 63.Xr tftp 1 64does not require an account or password on the remote system. 65Due to the lack of authentication information, 66.Nm 67will allow only publicly readable files to be 68accessed. 69Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with 70``\|\fB.\|.\fP\|/'' are not allowed. 71Files may be written only if they already exist and are publicly writable. 72Note that this extends the concept of 73.Dq public 74to include 75all users on all hosts that can be reached through the network; 76this may not be appropriate on all systems, and its implications 77should be considered before enabling tftp service. 78The server should have the user ID with the lowest possible privilege. 79.Pp 80Access to files may be restricted by invoking 81.Nm 82with a list of directories by including up to 20 pathnames 83as server program arguments in 84.Pa /etc/inetd.conf . 85In this case access is restricted to files whose 86names are prefixed by the one of the given directories. 87The given directories are also treated as a search path for 88relative filename requests. 89.Pp 90The 91.Fl s 92option provides additional security by changing 93.Nm Ns No 's 94root directory, thereby prohibiting accesses outside of the specified 95.Ar directory . 96Because 97.Xr chroot 2 98requires super-user privileges, 99.Nm 100must be run as root. 101However, after performing the 102.Fn chroot , 103.Nm 104will set its user id to that of the specified 105.Ar user , 106or 107.Dq nobody 108if no 109.Fl u 110option is specified. 111.Pp 112The options are: 113.Bl -tag -width Ds 114.It Fl c 115Changes the default root directory of a connecting host via chroot based on the 116connecting IP address. 117This prevents multiple clients from writing to the same file at the same time. 118If the directory does not exist, the client connection is refused. 119The 120.Fl s 121option is required for 122.Fl c 123and the specified 124.Ar directory 125is used as a base. 126.It Fl C 127Operates the same as 128.Fl c 129except it falls back to 130.Fl s Ns No 's 131.Ar directory 132if a directory does not exist for the client's IP. 133.It Fl l 134Log all requests using 135.Xr syslog 3 136with the facility of 137.Dv LOG_FTP . 138Note: Logging of 139.Dv LOG_FTP 140messages 141must also be enabled in the syslog configuration file, 142.Xr syslog.conf 5 . 143.It Fl n 144Suppress negative acknowledgement of requests for nonexistent 145relative filenames. 146.It Fl s Ar directory 147Cause 148.Nm 149to change its root directory to 150.Pa directory . 151After changing roots but before accepting commands, 152.Nm 153will switch credentials to an unprivileged user. 154.It Fl u Ar user 155Switch credentials to 156.Ar user 157(default 158.Dq nobody ) 159when the 160.Fl s 161option is used. 162The user must be specified by name, not a numeric UID. 163.El 164.Sh SEE ALSO 165.Xr tftp 1 , 166.Xr chroot 2 , 167.Xr inetd 8 , 168.Xr syslogd 8 169.Rs 170.%A K. R. Sollins 171.%T The TFTP Protocol (Revision 2) 172.%D July 1992 173.%O RFC 1350, STD 33 174.Re 175.Sh HISTORY 176The 177.Nm 178utility appeared in 179.Bx 4.2 ; 180the 181.Fl s 182option was introduced in 183.Fx 2.2 , 184the 185.Fl u 186option was introduced in 187.Fx 4.2 , 188and the 189.Fl c 190option was introduced in 191.Fx 4.3 . 192.Sh BUGS 193Files larger than 33488896 octets (65535 blocks) cannot be transferred 194without client and server supporting blocksize negotiation (RFC 1783). 195.Pp 196Many tftp clients will not transfer files over 16744448 octets (32767 blocks). 197