tftpd(1M) tftpd(1M)
tftpd - internet Trivial File Transfer Protocol server
/usr/etc/tftpd [-h homedir] [-l] [-n] [-s] [directory... ]
tftpd is a server that supports the Internet Trivial File Transfer
Protocol (TFTP). The TFTP server operates at the port indicated in the
tftp service description; see services(4). The server is normally
started by inetd(1M).
The use of tftp(1C) does not require an account or password on the remote
system. Due to the lack of authentication information, tftpd allows only
publicly readable files to be accessed. Filenames containing the string ../
are not allowed. Files can be written only if they already exist and are
publicly writable. Note that this extends the concept of public to
include all users on all hosts that can be reached through the network;
this may not be appropriate on all systems, and its implications should
be considered before enabling TFTP service. The server should be
configured in /etc/inetd.conf to run as the user ID with the lowest
possible privilege.
Relative filenames are looked up in a home directory, /var/boot by
default.
The tftpd options are:
-A   Allows the full range of ports to be used.
-h homedir
     Changes the home directory to homedir, provided it is an absolute
     pathname.
-l   Logs all requests using syslog(3C).
-n   Suppresses negative acknowledgement of requests for nonexistent or
     inaccessible relative filenames. Use -n when operating on a network
     with Sun diskless clients that broadcast TFTP requests for bootfiles
     named by relative pathnames, to avoid storms of negative
     acknowledgements.
-s   Rejects requests to read or write an absolute pathname that does not
     begin with the home directory prefix and to write a relative
     pathname. (See below.)
Normally, tftpd allows unrestricted access to publicly-readable files in
all directories. There are two ways to enhance file security by
restricting access to a smaller set of directories. With the -s option,
tftpd rejects requests to read or write an absolute pathname that does
not begin with the home directory prefix. It also rejects requests to
write a relative pathname. Another method is to restrict access to files
in a limited number of approved directories by specifying the directory
names, directory, as arguments to tftpd after the other options. For an
absolute pathname request, tftpd allows the request if its name begins
with one of these directories or the home directory. For a relative
pathname request, the home directory and the directory list are searched
in order. Up to ten directories can be listed if no other command-line
options are specified. (inetd limits the total number of command-line
arguments to ten.)
The port range is restricted to 1-32767 on certain platforms while
booting across the network. To use the complete range, use the -A option.
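
The following is an added example, not part of the original manual page or of tftpd itself: a small audit of /etc/inetd.conf that flags tftp entries lacking the restrictions described above (-s or a directory list, -l logging, a low-privilege user). It assumes the standard inetd.conf field order; the sample entries and the guest user name are constructed for illustration.

```python
import shlex

BOOL_FLAGS = {"-A", "-l", "-n", "-s"}   # options that take no argument

def audit_tftpd_entry(line):
    """Return findings for one inetd.conf line; [] if it is not a tftp entry."""
    fields = shlex.split(line, comments=True)   # drops '#' comments
    # Assumed field order: service, socket type, protocol, wait flag,
    # user, server program, then the server's argv (argv[0] first).
    if len(fields) < 7 or fields[0] != "tftp":
        return []
    user, args = fields[4], fields[7:]
    flags, dirs, i = set(), [], 0
    while i < len(args):
        if args[i] == "-h":              # -h consumes the next word (homedir)
            i += 2
            continue
        if args[i] in BOOL_FLAGS:
            flags.add(args[i])
        else:
            dirs.append(args[i])         # anything else is an approved directory
        i += 1
    findings = []
    if user == "root":
        findings.append("runs as root; use the lowest-privilege user ID")
    if "-s" not in flags and not dirs:
        findings.append("no -s and no directory list: access is unrestricted")
    if "-l" not in flags:
        findings.append("no -l: requests are not logged through syslog")
    if len(args) > 10:
        findings.append("more than ten arguments: exceeds the inetd limit")
    return findings

# Constructed sample entries (not taken from any real system).
SAMPLE = """\
# constructed inetd.conf excerpt
tftp dgram udp wait root  /usr/etc/tftpd tftpd
tftp dgram udp wait guest /usr/etc/tftpd tftpd -s -l -h /var/boot
tftp dgram udp wait guest /usr/etc/tftpd tftpd -l /var/boot/images
"""

def audit(text):
    """Map line number -> findings for every tftp entry that has any."""
    return {n: f for n, line in enumerate(text.splitlines(), 1)
            if (f := audit_tftpd_entry(line))}

if __name__ == "__main__":
    for lineno, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"line {lineno}: {finding}")
```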
inetd(1M), tftp(1C).